Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute

This module exploits a vulnerability in Icona SpA C6 Messenger 1.0.0.1. The vulnerability is in the DownloaderActiveX Control DownloaderActiveX.ocx. The insecure control can be abused to download and execute arbitrary files in the context of the currently logged-on user. This module requires...

Code injection

The DownloaderActiveX Control DownloaderActiveX.ocx in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to "run."...

CVE-2008-2551

CVE-2008-2551 – Icona SpA C6 Messenger DownloaderActiveX control : The DownloaderActiveX.ocx in C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in propDownloadUrl when propPostDownloadAction is set to “run.” This is a remote code execu...

CVE-2008-2551

The DownloaderActiveX Control DownloaderActiveX.ocx in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to "run."...

c6msg-activex.txt

!-- C6 Messenger Installation Url DownloaderActiveX Control Remote Download & Execute Exploit by Nine:Situations:Group::SnoopyAssault site: http://retrogod.altervista.org/ "C6 Messenger is an instant messaging program produced by Telecom Italia Group, specifically by Alice distribution, Icon Spa...

[NSG 03-06-2008] C6 Messenger Installation Url DownloaderActiveX Control Remote Download & Execute Exploit

!-- C6 Messenger Installation Url DownloaderActiveX Control Remote Download & Execute Exploit by Nine:Situations:Group::SnoopyAssault site: http://retrogod.altervista.org/ exploit url: http://retrogod.altervista.org/9sgc6downloadexec.html "C6 Messenger is an instant messaging program produced by...