DeWizardX ActiveX Control Arbitrary File Overwrite Vulnerability

TITLE: DeWizardX ActiveX Control Arbitrary File Overwrite Vulnerability
CLASS: Design Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: May 15 2007 12:00AM
UPDATE: May 15 2007 07:38PM
CREDIT: shinnai is credited with the discovery of this issue.
VULNERABLE:

DB Software Laboratory DeWizardX ActiveX Control 0
NOT VULNERABLE:

Go to the original page on Security Focus

Discussion

The DeWizardX ActiveX control is prone to an arbitrary-file-overwrite vulnerability.

An attacker can exploit this issue to overwrite arbitrary files on the affected computer. Successful attacks may aid in further attacks against the computer. Failed attempts will likely cause denial-of-service conditions.

Exploit

Sample exploit code has been provided:

Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
