what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

WebArchiveX.dll5.5.0.76.txt

WebArchiveX.dll5.5.0.76.txt
Posted Sep 7, 2005
Authored by Brett Moore SA | Site Security-Assessment.com

Prior to September 6th 2005, the activeX component would install and mark itself 'safe for scripting'. The component offers various methods that when instantiated by a malicious web site, can be used to read files from, or write files to the local computer.

tags | advisory, web, local, activex
SHA-256 | 205c2061f89ca6554517260bf21c4e9b70e17a80b61ff8f9dc384b72dfc2fa40

WebArchiveX.dll5.5.0.76.txt

Change Mirror Download
========================================================================
= WebArchiveX - Unsafe Methods Vulnerability
=
= Vendor Website:
= http://http://www.csystems.co.il/webarchivex/index.aspx
=
= Affected Version:
= WebArchiveX.dll 5.5.0.76 Installed Prior To Sep 6th, 2005
=
= Public disclosure on September 07, 2005
========================================================================

== Overview ==

The WebArchiveX component gives developers the ability to include .MHT
archive creation in their software and is compatible with a wide range
of programming languages.

Prior to September 6th 2005, the activeX component would install and
mark itself 'safe for scripting'. The component offers various methods
that when instantiated by a malicious web site, can be used to read files
from, or write files to the local computer.

== Exploitation ==

The component has an extensive API that can be viewed online;
http://www.csystems.co.il/WebArchiveX/help/api.html


This advisory concentrates on the two following methods;

* MakeArchive - Build MHT web archive (single MHT file)
Boolean MakeArchive(
String htmlFile,
String userAgent,
String mhtFile
);

The MakeArchive method will accept a local path as the mhtFile
parameter, allowing a malicious web site to write a file to the local
drive. By writing to the startup folder, it is possible to create a
.mht that will be executed locally at startup.


* MakeArchiveStr - Build MHT web archive and returns it as a string
String MakeArchiveStr(
String htmlFile,
String userAgent
);

The MakeArchiveStr method will accept a local path as the htmlFile
parameter. After reading in the file, the contents will be returned
to the calling script. This allows a malicious website to read the
contents of any file accessible by the current user.

== Solutions ==

- The vendor has changed the default installation to remove the 'safe for
scripting' entry, but unfortunately has not changed the version number.
The download now includes a readme file that contains;

Why WebArchiveX is not safe for scripting?
------------------------------------------

If WebArchiveX was safe for scripting, then malicious websites
could use WebArchiveX in order to read/write files from/to your
local file system. Please contact support@csystems.co.il for
further details!

In order to make WebArchiveX safe for scripting you can import
the enclosed Registry file WebArchiveX_SafeForScripting.reg.

- To identify if this component is installed on your pc, search the
registry for WebArchiveX entries.

- If the entry is located, remove the 'safe for scripting' entry by
removing these keys;
\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

- For additional help contact support@csystems.co.il

== Credit ==

Discovered and advised to cSystems August, 2005 by Brett Moore of
Security-Assessment.com

== About Security-Assessment.com ==

Security-Assessment.com is a leader in intrusion testing and security
code review, and leads the world with SA-ISO, online ISO17799 compliance
management solution. Security-Assessment.com is committed to security
research and development, and its team have previously identified a
number of vulnerabilities in public and private software vendors products.




e-mail protected and scanned by Bizo Email Filter - powered by Advascan


Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close