-----------------------------------------------------------------------------
 Microsoft Rich Textbox Control 6.0 (SP6) "SaveFile()" Insecure Method
 url: http://www.microsoft.com

 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org

 This was written for educational purpose. Use it at your own risk.
 Author will be not responsible for any damage.

 Technical details:
 File: RICHTX32.OCX
 ver.: 6.1.97.82

 While this GUID {3B7C8860-D78F-101B-B9B5-04021C009402} is
 killbited, this one {B617B991-A767-4F05-99BA-AC6FCABB102E}

 works fine so it is possible, using the "SaveFile()" method,
 to save the content of the rich textbox on a user's pc.
 This can be used to save, overwrite and/or corrupt arbitrary
 files on the system.
 
 It's marked as:
 RegKey Safe for Script: False
 RegKey Safe for Init: False
 Implements IObjectSafety: True
 IPersist Safe: Safe for untrusted: caller,data
 IPStorage Safe: Safe for untrusted: caller,data

 Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
-----------------------------------------------------------------------------