25 matches found
EUVD-2006-6821
Malware in sbrugna...
CVE-2005-2858
The Fetch.FetchContact.1 ActiveX control Fetch.dll for Rediff Bol 7.0 allows remote attackers to read the Windows Address Book via the FullAddressBook method...
Rediff Bol 7.0 Instant Messenger ActiveX Control Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14740/info Rediff Bol Instant Messenger is prone to an information disclosure vulnerability. A malicious ActiveX control could allow an attacker to obtain the contents of a vulnerable user's Windows Address Book. script v...
Rediff Bol 2.0.2 URL Handling Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6670/info It has been reported that a problem in Rediff Bol may allow remote users to log other users out of the Bol chat client. Due to improper handling of some types of requests, a remote user could send a URL request...
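Rediff Bol Downloader ActiveX Control Remote Code Execution Vulnerability
The Rediff Bol Downloader ActiveX control is a file download control. The Rediff Bol Downloader ActiveX control has a design flaw that remote attackers can exploit to execute arbitrary commands with the privileges of the application process. Microsoft Internet Explorer raises a warning when the Downloader ActiveX control points to an executable file on the Internet, but gives no prompt at all when it points to a local file. By constructing a malicious web page and luring a user into processing it, an attacker can cause disclosure of sensitive information or the download and execution of arbitrary commands. Rediff Bol Downloader ActiveX control No solution is currently available:...
Rediff Bol Downloader Allows File Download and Execution Vulnerability
Rediff Bol is an instant messaging tool. The Downloader control of Rediff Bol has a vulnerability in its handling of file downloads, which remote attackers may exploit to execute arbitrary commands on the user's machine. The Downloader control of Rediff Bol allows any web page to download and execute a program from any location without filtering it; IE raises a warning when a remote program is executed, but gives no prompt when a local program is executed. Rediff Bol Downloader The vendor has not yet provided a patch or upgrade; we recommend that users of this software keep checking the vendor's home page for the latest version: http://messenger.rediff.com/newbol/ Gregory R. Panakkal...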
CVE-2006-6838
Rediff Bol Downloader ActiveX OCX control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter...
CVE-2006-6838
The vulnerability CVE-2006-6838 affects the Rediff Bol Downloader ActiveX (OCX) control. The issue allows remote attackers to execute arbitrary files and obtain sensitive information (usernames and pathnames) by supplying a URL in the url vbscript parameter. The connected sources provide no detai...
rediffbol.txt
Rediff Bol Downloader Allows Downloading and Spawning Arbitary Files Affected Program : Rediff Bol Download ActiveX ActiveX OCX Control that downloads the Rediff Bol Messenger setup and spawns it. Related URL : http://messenger.rediff.com/newbol/ Discovered by : Gregory R. Panakkal Vulnerability...
Rediff Bol Downloader (ActiveX Control) Execute Local File Exploit
No description provided by source. !-- Rediff Bol Downloader ActiveX Allows Downloading and Spawning Arbitary Files Affected Program : Rediff Bol Download ActiveX ActiveX OCX Control that downloads the Rediff Bol Messenger setup and spawns it. Related URL : http://messenger.rediff.com/newbol/...
CVE-2006-6838
Rediff Bol Downloader ActiveX OCX control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter...
Rediff Bol Downloader (ActiveX Control) Execute Local File Exploit
Exploit for unknown platform in category remote exploits ================================================================== Rediff Bol Downloader ActiveX Control Execute Local File Exploit ================================================================== rboldwn.url = "file://C:/WINNT/Notepad.ex...
[Full-disclosure] Rediff Bol Downloader ActiveX Allows Downloading and Spawning Arbitary Files
Rediff Bol Downloader ActiveX Allows Downloading and Spawning Arbitary Files Affected Program : Rediff Bol Download ActiveX ActiveX OCX Control that downloads the Rediff Bol Messenger setup and spawns it. Related URL : http://messenger.rediff.com/newbol/ Discovered by : Gregory R. Panakkal...
Rediff Bol Downloader - ActiveX Control Execute Local File
Rediff Bol Downloader - ActiveX Control Execute Local File rboldwn.url = "file://C:/WINNT/Notepad.exe" rboldwn.fontsize = 14 rboldwn.barcolor = EE4E00 rboldwn.start = "start" milw0rm.com 2006-12-31...
PT-2006-7435 · Rediff · Rediff Bol Downloader Activex
Name of the Vulnerable Software and Affected Versions: Rediff Bol Downloader ActiveX OCX control affected versions not specified Description: The issue allows remote attackers to execute arbitrary files and obtain sensitive information, such as usernames and pathnames, by providing a URL in the u...
Rediff Bol Downloader - ActiveX Control Execute Local File
rboldwn.url = "file://C:/WINNT/Notepad.exe" rboldwn.fontsize = 14 rboldwn.barcolor = EE4E00 rboldwn.start = "start" milw0rm.com 2006-12-31...
Rediff Bol Downloader ActiveX code download and execution
ActiveX element allows uploading and executing any code...
CVE-2005-2858
The CVE-2005-2858 issue affects Rediff Bol 7.0 via the Fetch.FetchContact.1 ActiveX control (Fetch.dll). The FullAddressBook method allows remote attackers to read the Windows Address Book, exposing contact information. Root cause is an unsafe FullAddressBook interface in the Fetch.FetchContact.1...
PT-2005-3723 · Microsoft +1 · Windows +3
Name of the Vulnerable Software and Affected Versions: Rediff Bol version 7.0 Description: The issue allows remote attackers to read the Windows Address Book. This is achieved via the FullAddressBook method of the Fetch.FetchContact.1 ActiveX control, which is part of the Fetch.dll component...
Rediff Bol 7.0 ActiveX information leak
With the FullAddressBook method of the Fetch.FetchContact.1 ActiveX control it's possible to obtain the whole Windows address book...