Beta Book

Execute(b,c,b); } catch(e) {}
}



Let??™s fire that up inside Internet Explorer.
Figure 15-5 ADODB.Connection crash with AxMan
Bingo! You can see in Figure 15-6 that we hit the same crash outside AxMan with a
simple HTML test file. If you test this same HTML snippet after applying the Microsoft
security update, you??™ll find it fixed. That was pretty easy! If this were actually a new crash
that reproduced consistently with a fully patched application, the next step would be to
determine whether the crash were exploitable.We learned earlier in the book how to do
this. For any exploitable vulnerability, we??™d want to next report it to the affected vendor.
The vulnerability report should include a small HTML snippet likewe created earlier, the
DLL version of the object being tested, and the IE/OS platform.
Okay, let??™s say that you??™ve e-mailed the vulnerability to the vendor and have received
confirmation of your report. Now you??™d like to continue fuzzing both this control and
other objects in your list. Unfortunately, ADODB.Connection was the first ActiveX control
in the list on at least one ofmy test machines, and the Execute() method is very early
in the list of methods.


Pages:
665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689