2 comments on “Spraying the heap in seconds using ActiveX controls in Microsoft Office

  1. I tried your solution on the exploit CVE-2015-1641 with hash 37e8339b42bb9a8d0abf109ec1ec27a4c6b9fc31a95e95dcf72a9aa811f59b62, like replacing the Class ID with ={00000000-0000-0000-0000-000000000001} on the activex[1].xml… activex[40].xml but it is still takes more than 1 minute and 30 second. what shall i do to make it more fast?

    Thank you in advance

  2. Well I have tested most combinations on number of xmls to size of active.bin so I’m certain there is no other way making it anymore faster. You just have to experiment yourself unfortunately.

Leave a Reply

Your email address will not be published. Required fields are marked *