Zenturi ProgramChecker ActiveX Control Multiple Arbitrary File Deletion Vulnerabilities
BID:24380
Info
Zenturi ProgramChecker ActiveX Control Multiple Arbitrary File Deletion Vulnerabilities
| Bugtraq ID: | 24380 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 08 2007 12:00AM |
| Updated: | Jun 08 2007 06:00PM |
| Credit: | shinnai is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
Zenturi Zenturi ProgramChecker ActiveX Control 0 |
| Not Vulnerable: | |
Discussion
Zenturi ProgramChecker ActiveX Control Multiple Arbitrary File Deletion Vulnerabilities
Zenturi ProgramChecker ActiveX control is prone to multiple vulnerabilities that attackers can exploit to delete arbitrary files. The issue occurs because the software fails to properly sanitize user-supplied input.
Attackers can exploit these issues to delete arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).
Zenturi ProgramChecker ActiveX control is prone to multiple vulnerabilities that attackers can exploit to delete arbitrary files. The issue occurs because the software fails to properly sanitize user-supplied input.
Attackers can exploit these issues to delete arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).
Exploit / POC
Zenturi ProgramChecker ActiveX Control Multiple Arbitrary File Deletion Vulnerabilities
The following proof-of-concept exploit code is available:
The following proof-of-concept exploit code is available:
Solution / Fix
Zenturi ProgramChecker ActiveX Control Multiple Arbitrary File Deletion Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Zenturi ProgramChecker ActiveX Control Multiple Arbitrary File Deletion Vulnerabilities
References:
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Zenturi ProgramChecker ActiveX Control Web Site (Zenturi)