Zenturi ProgramChecker ActiveX Control NavigateURL Arbitrary File Execution Vulnerability
BID:24382
Info
Zenturi ProgramChecker ActiveX Control NavigateURL Arbitrary File Execution Vulnerability
| Bugtraq ID: | 24382 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 08 2007 12:00AM |
| Updated: | Jun 08 2007 06:30PM |
| Credit: | shinnai is credited with the discovery of this vulnerability. |
| Vulnerable: |
Zenturi Zenturi ProgramChecker ActiveX Control 0 |
| Not Vulnerable: | |
Discussion
Zenturi ProgramChecker ActiveX Control NavigateURL Arbitrary File Execution Vulnerability
Zenturi ProgramChecker ActiveX control is prone to a vulnerability that may allow attackers to execute arbitrary local files.
Attackers can exploit this issue to execute an arbitrary file on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).
Zenturi ProgramChecker ActiveX control is prone to a vulnerability that may allow attackers to execute arbitrary local files.
Attackers can exploit this issue to execute an arbitrary file on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).
Exploit / POC
Zenturi ProgramChecker ActiveX Control NavigateURL Arbitrary File Execution Vulnerability
The following proof-of-concept exploit is available:
The following proof-of-concept exploit is available:
Solution / Fix
Zenturi ProgramChecker ActiveX Control NavigateURL Arbitrary File Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Zenturi ProgramChecker ActiveX Control NavigateURL Arbitrary File Execution Vulnerability
References:
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Zenturi ProgramChecker ActiveX Control Web Site (Zenturi)