:. GOODFELLAS Security Research TEAM .:
:. http://goodfellas.shellcode.com.ar .:

sasatl.dll 1.5.0.531 Program Checker - Javascript Heap Spraying Exploit
========================================================================

Internal ID: VULWAR200707101.

Introduction
------------

sasatl.dll is a library included in the Program Checker Pro software
package from Zenturi. (http://www.programchecker.com)

Tested In
---------

- Windows XP SP1/SP2 English/French with IE 6.0 / 7.0.
- Windows Vista Professional English/French SP1 with IE 7.0.

Summary
-------

The Fill method is prone to a stack-based buffer-overflow vulnerability
because it fails to properly check boundaries.

Impact
------

An attacker could execute arbitrary code on the remote machine.

Workaround
----------

- Activate the kill bit for clsid:7D6B5B29-FC7E-11D1-9288-00104B885781.
- Unregister sasatl.dll using regsvr32.

Timeline
--------

July 10, 2007 -- Bug published.

Credits
-------

* callAX
* GoodFellas Security Research Team

Proof of Concept
----------------
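
Added note on the Workaround section (an example added here, not part of the original advisory): one way to apply both workaround steps from an elevated PowerShell prompt. The registry locations are the standard Internet Explorer "ActiveX Compatibility" and InprocServer32 keys; the -Unregister switch and the Set-KillBit function name are hypothetical names chosen for this sketch.

```powershell
# Added example, not from the advisory. Run from an elevated PowerShell prompt.
param([switch]$Unregister)   # hypothetical switch: also unregister the DLL

$Clsid   = '{7D6B5B29-FC7E-11D1-9288-00104B885781}'  # CLSID given in the advisory
$KillBit = 0x400                                      # kill-bit value in "Compatibility Flags"

# Native registry view plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Set-KillBit {
    param([string]$Root, [string]$Clsid, [int]$Bit)
    if (-not (Test-Path -LiteralPath $Root)) { return }   # view not present on this OS
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    $item = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    $current = if ($item) { $item.'Compatibility Flags' } else { 0 }
    # OR the bit in so any flags already set for the control are preserved.
    New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ($current -bor $Bit) -Force | Out-Null
    # Read the value back and report whether the kill bit is now present.
    $after = (Get-ItemProperty -LiteralPath $key).'Compatibility Flags'
    [pscustomobject]@{
        Key        = $key
        Flags      = '0x{0:X8}' -f $after
        KillBitSet = [bool]($after -band $Bit)
    }
}

$Roots | ForEach-Object { Set-KillBit -Root $_ -Clsid $Clsid -Bit $KillBit }

if ($Unregister) {
    # Resolve the DLL path from the COM registration instead of assuming an install directory.
    $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    $dll = (Get-ItemProperty -LiteralPath $inproc -ErrorAction SilentlyContinue).'(default)'
    if ($dll -and (Test-Path -LiteralPath $dll)) {
        Start-Process regsvr32.exe -ArgumentList '/s', '/u', "`"$dll`"" -Wait
    } else {
        Write-Warning "No registered InprocServer32 path found for $Clsid"
    }
}
```

Each object the script prints should show KillBitSet as True; a False value means the write to that registry view did not take effect.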