header-logo
Suggest Exploit
vendor:
FlashGet
by:
superli
9,3
CVSS
HIGH
Remote Code Execution
264
CWE
Product Name: FlashGet
Affected Version From: 3.x
Affected Version To: 3.x
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2010

flashget 3.x IEHelper remote exec 0day poc

This exploit allows a remote attacker to execute arbitrary code on a vulnerable system. The vulnerability exists in the IEHelper ActiveX control, which is used by FlashGet 3.x. By setting the 'TestObj' object's classid to a specific CLSID, an attacker can execute arbitrary code on the vulnerable system.

Mitigation:

Users should ensure that the IEHelper ActiveX control is not enabled in their browser, and should upgrade to the latest version of FlashGet.
Source

Exploit-DB raw data:

# Exploit Title:flashget 3.x IEHelper remote exec 0day poc
# Date: 2010.01.05
# Author: superli
# Version: 3.x
# Tested on: xp sp3
# Code : 
<object id=TestObj classid="CLSID:{C6262DCE-6E64-45D2-B080-801F1E298AC2}" style="width:100;height:350"></object>

Navigation

Suggest Exploit

Services By CQR