https://cxsecurity.com/issue/WLB-2007100138
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-420

Neobook是一款商业性质的多媒体电子出版系统，可使用在Windows操作系统上。Neobook使用的Activex控件没有充分检查包含在Neobook内容中的文件类型，远程攻击者可以利用这个漏洞构建恶意网页，诱使用用户点击，导致任意命令在系统上执行。Neobook包含NBActiveX.ocx控件，用于执行由NeoBook4建立和设计的WEB上的程序。由于NBActiveX.ocx控件对包含在NeoBook内容中的文件类型缺少充分检查，攻击者可以在WEB页上建立恶意程序而导致任意文件类型的程序在系统上执行。

*******************************
Lorenzo Hernandez garcia-hierro
Webmaster of LORENZOHGH.COM
LHGHPRODS PROGRAMACIN TIENDA ONLINE.
*******************************
NBActiveX Sure ActiveX New Vulnerability

Dear firends,

INTODUCTION
This vulnerability is an important failure because the malicious code writed 
in NeoBook 4 can be executed out of permission and silent. NBActiveX.ocx is a 
AtiveX control for execute programms created and designed for the web with Neo 
Book 4 (the best author multimedia software)the vulnerability is in the form 
that NBActiveX.ocx is identificated throw the MSIE ActiveX Control Validator 
or system of security control and the MSI validate with sure calification the 
activex but no checking the routines.

METHOD

1.If you create a programm and select in compilation mode Distribution Mode> 
Web Navigator , NeoBook 4 compiles a file called [nameofproject].prg and a 
[nameofproject].htm the NBActiveX.ocx is publicated with that files in the 
server and the HTM file is the "wrap" of the .prg file and the server activex 
NBActiveX.ocx .

2.type the URL for the HTM File and wait,my example was based on a programm 
that writes a file called Win32DLL.vbs in %ROOT% normally c: and in another 
pixel run another programm created with neobook too , this programm run 
finally the script .vbs and the script run MsgBox("Hello World") but the file 
can be all types of files like patch.exe (Netbus slave) or any.
 
THE PROBLEM

Neo Book 4 allow to insert any tipes of files in your project for wrap (like 
eliteWrap) it an execute or save,rename,put attrb and all the commands 
possible in win32.
The only possible solution is setting off the activeX execution (please dont 
laught.).

FILES ENCOUNTERED THE PROBLEM:
NBActiveX.ocx  -The famous dangerous ActiveX-
[nameofproject].prg -The programm wrap-
[nameofproject].HTM -the NBActiveX and wrapper executor-

ABOUT ME:

My name is Lorenzo Hernandze GARCIA-HIERRO and i'm 13 old , i live in madrid 
in spain  and i use linux in two of my 3 computers (i break some windows, 
don't laught!!!)my telephone number (mobile) +34676001011.
-----------------------------------------------------
Me http://lorenzohgh.com
or me project of linux http://lorenzohgh.com/linux 
My nick geniemgh : http://ciberia.ya.com/geniemgh 
-----------------------------------------------------
PLEASE RESPOND ME WITH THE answer.
PLEASE TAKE CARE WITH THIS IMPORTANT AND DANGEROUS VULNERABILITY BECAUSE I 
CREATE A VIRUS IN VBS SCRIPT AN A TROJAN WRAPPER (ELITE WRAP) AND THE EFFECTS 
ARE CATASTROFIC AND VERY QUICKLY (IN A P2 LIKE 10 SECONDS FOR TOTAL INFECTION 
AND FILE REPLACE WITH A 56 MODEM)

PLEASE CHECK THIS BECUSE IF YOU THINK THE POSSIBILITIES ARE INFINITE AND IF 
YOU RUN IT ON A IIS.... ALL THE DATA ARE FOR ANY WITH TROJAN ACCESS.

来源:BID
名称:6191
链接:http://www.securityfocus.com/bid/6191
来源:XF
名称:neobook-nbaactivex-execute-programs(10645)
链接:http://www.iss.net/security_center/static/10645.php
来源:SREASON
名称:3317
链接:http://securityreason.com/securityalert/3317
来源:BUGTRAQ
名称:20021116NBActiveXSureActiveXBigVulnerability
链接:http://online.securityfocus.com/archive/1/300073
来源：NSFOCUS
名称：3852
链接：http://www.nsfocus.net/vulndb/3852