Visual FoxPro vfp6r.dll ActiveX Control DoCmd command execution

2008-12-19T00:00:00
ID SAINT:138E97B36FF398AEF29D37D4A3706B75
Type saint
Reporter SAINT Corporation
Modified 2008-12-19T00:00:00

Description

Added: 12/19/2008
CVE: CVE-2008-0236
BID: 27205
OSVDB: 40380

Background

Visual FoxPro is a tool for developing database applications.

Problem

The **vfp6r.dll** ActiveX control (the Visual FoxPro 6.0 runtime library) exposes a **DoCmd** method that runs a command string passed to it. A web page that instantiates the control and calls **DoCmd** can therefore execute commands on the machine of the user who opens the page, in that user's security context.

Resolution

Set the kill bit for class ID 008B6010-1F3D-11D1-B0C8-00A0C9055D74 as described in Microsoft Knowledge Base Article 240797: a **Compatibility Flags** DWORD value with the 0x400 bit set under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{008B6010-1F3D-11D1-B0C8-00A0C9055D74} (and under the Wow6432Node copy of that key on 64-bit Windows). With the kill bit set, Internet Explorer refuses to instantiate the control regardless of the zone's ActiveX settings, so the control need not be unregistered.

References

<http://secunia.com/advisories/28417/>

Limitations

The exploit works against Visual FoxPro 6.0 and requires a user to load the exploit page in Internet Explorer.

Before running the exploit, download the exploit.exe file from the exploit server and place it on the specified SMB share; the target must be able to reach that share.

The exploit server must also be in the target's Local intranet zone or Trusted sites zone, and that zone's option "Initialize and script ActiveX controls not marked as safe" must be set to "Enable". The affected control is not marked safe for scripting or initialization, so Internet Explorer will not instantiate it from a web page unless the page's zone explicitly permits unsafe controls.
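The kill bit from the Resolution section and the zone preconditions from the Limitations section, as an added PowerShell example that is not SAINT's code: it reports whether the control is registered, whether the kill bit is already present in the registry locations Internet Explorer consults, and whether the Local intranet or Trusted sites zone currently allows unsafe ActiveX controls, then offers a function that sets the kill bit. The registry paths, the 0x400 flag and URL action 1201 are the documented Internet Explorer values; the function names, the choice to check only HKCU zone settings, and the 64-bit handling are this example's own assumptions. Run it from an elevated prompt.

```powershell
# Added example (not from the SAINT advisory): audit a Windows host for the vfp6r.dll
# DoCmd exposure and set the kill bit per KB 240797. Run elevated.
# Assumptions: default IE registry layout; zone settings read from HKCU only.

$Clsid   = '{008B6010-1F3D-11D1-B0C8-00A0C9055D74}'   # CLSID quoted in the advisory
$KillBit = 0x400                                      # COMPAT_FLAG_KILL_BIT (KB 240797)

# IE reads the kill bit from the 'ActiveX Compatibility' key; on 64-bit Windows the
# 32-bit browser process consults the Wow6432Node copy, so both are handled.
$CompatKeys = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
if ([Environment]::Is64BitOperatingSystem) {
    $CompatKeys += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
}

function Get-CompatFlags([string]$Key) {
    # Current 'Compatibility Flags' DWORD, or 0 when the key or value does not exist.
    $p = Get-ItemProperty -Path $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return [int]$p.'Compatibility Flags'
}

function Test-VfpKillBit {
    # $true only when every compatibility key this host uses carries the kill bit.
    foreach ($key in $CompatKeys) {
        if (((Get-CompatFlags $key) -band $KillBit) -eq 0) { return $false }
    }
    return $true
}

function Set-VfpKillBit {
    # OR the kill bit into the existing flags so any other compatibility bits survive.
    foreach ($key in $CompatKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        $flags = (Get-CompatFlags $key) -bor $KillBit
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags -Type DWord
    }
}

function Test-VfpControlRegistered {
    # Registration of a COM control is keyed by CLSID under HKEY_CLASSES_ROOT.
    Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
}

function Test-VfpUnsafeActiveXAllowed {
    # The exploit needs 'Initialize and script ActiveX controls not marked as safe'
    # (URL action 1201) set to Enable (0) in the zone that hosts the exploit server.
    # Checks Local intranet (zone 1) and Trusted sites (zone 2) under HKCU;
    # 1 = Prompt, 3 = Disable. If the Security_HKLM_only policy is in force the
    # effective values live under HKLM instead, which this example does not read.
    $zoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    $zones    = @{ 1 = 'Local intranet'; 2 = 'Trusted sites' }
    $result   = @{}
    foreach ($id in $zones.Keys) {
        $p = Get-ItemProperty -Path "$zoneRoot\$id" -Name '1201' -ErrorAction SilentlyContinue
        $value = if ($null -eq $p) { $null } else { [int]$p.'1201' }
        $result[$zones[$id]] = ($value -eq 0)   # $true: the exploit precondition is met
    }
    return $result
}

# --- audit ---
"Control registered : $(Test-VfpControlRegistered)"
"Kill bit set       : $(Test-VfpKillBit)"
$zoneState = Test-VfpUnsafeActiveXAllowed
foreach ($name in $zoneState.Keys) { "Unsafe ActiveX enabled in $name : $($zoneState[$name])" }

# --- remediate (uncomment to apply) ---
# Set-VfpKillBit; "Kill bit now set   : $(Test-VfpKillBit)"
```

The kill bit is the preferred fix because it works even if a user later re-enables unsafe ActiveX for a zone; the zone check is still worth running, since a zone with URL action 1201 set to Enable exposes every other unsafe control on the host, not just this one.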

Platforms

Windows