MW6 Technologies QRCode ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
BID:25702
Info
MW6 Technologies QRCode ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
| Bugtraq ID: | 25702 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-4982 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 18 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | shinnai is credited with the discovery of this vulnerability. |
| Vulnerable: |
Mw6tech QRCode ActiveX 3.0 |
| Not Vulnerable: | |
Discussion
MW6 Technologies QRCode ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
MW6 Technologies QRCode ActiveX control is prone to multiple arbitrary-file-overwrite vulnerabilities.
Attackers can exploit these issues to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).
QRCode ActiveX 3.0 is vulnerable; other versions may also be affected.
MW6 Technologies QRCode ActiveX control is prone to multiple arbitrary-file-overwrite vulnerabilities.
Attackers can exploit these issues to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).
QRCode ActiveX 3.0 is vulnerable; other versions may also be affected.
Exploit / POC
MW6 Technologies QRCode ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
An attacker can exploit these issues by enticing an unsuspecting user to view a malicious web page.
The following exploit is available:
An attacker can exploit these issues by enticing an unsuspecting user to view a malicious web page.
The following exploit is available:
Solution / Fix
MW6 Technologies QRCode ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
MW6 Technologies QRCode ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
References:
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Vendor Homepage (MW6 Technologies)