=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- BitDefender OScan8.ocx / Oscan81.ocx ActiveX Exploit =-=-=-=-=-=-=-=-=-=-=-=-PRIVATE! NOT PUBLIC!=-=-=-=-=-=-=-=-=-=-=-=- http://research.eeye.com/html/advisories/published/AD20071120.html http://secunia.com/advisories/27717/ This works not 100% - it corrupts random memory in the browser and Launches calculator with success. Users have had this installed since 2006! With no autoupdates :) Google Search of BD OSCAN = http://www.google.com/search?hl=ar&safe=off&rls=fr&hs=P4T&q=%225D86DDB5-BDF9-441B-9E9E-D4730F4EE499%22&btnG=Search Modify the values in these to help keep it stable: 'SiteAuthority' - different memory address ?? - it turns values to literal address ! while (SiteAuthority.length < 60000) - Maybe larger/smaller? Crashes IE even if it fails Tested with Forum XSS Injections + Wordpress 0day + CMS Injections Nphinity #SAMAH/#SYR/#SHAHADA mesra.kl.my.dal.net =-=-=-=-=-=-=-=-=-=-=-=-PRIVATE! NOT PUBLIC!=-=-=-=-=-=-=-=-=-=-=-=-