Easewe FTP OCX ActiveX Control 'EaseWeFtp.ocx' Insecure Method Vulnerability
BID:58622
Info
Easewe FTP OCX ActiveX Control 'EaseWeFtp.ocx' Insecure Method Vulnerability
| Bugtraq ID: | 58622 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 20 2013 12:00AM |
| Updated: | Mar 20 2013 12:00AM |
| Credit: | Dr_IDE |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Easewe FTP OCX ActiveX Control 'EaseWeFtp.ocx' Insecure Method Vulnerability
Easewe FTP OCX ActiveX control is prone to an insecure-method vulnerability.
Successfully exploiting this issue will allow attackers to create or overwrite arbitrary files on the victim's computer within the context of the affected application (typically Internet Explorer) that uses the ActiveX control.
Easewe FTP ActiveX control 4.6.02 is vulnerable; other versions may also be affected.
Easewe FTP OCX ActiveX control is prone to an insecure-method vulnerability.
Successfully exploiting this issue will allow attackers to create or overwrite arbitrary files on the victim's computer within the context of the affected application (typically Internet Explorer) that uses the ActiveX control.
Easewe FTP ActiveX control 4.6.02 is vulnerable; other versions may also be affected.
Exploit / POC
Easewe FTP OCX ActiveX Control 'EaseWeFtp.ocx' Insecure Method Vulnerability
To exploit this issue an attacker must entice an unsuspecting user to view a malicious web document.
The following example code is available:
To exploit this issue an attacker must entice an unsuspecting user to view a malicious web document.
The following example code is available:
Solution / Fix
Easewe FTP OCX ActiveX Control 'EaseWeFtp.ocx' Insecure Method Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Easewe FTP OCX ActiveX Control 'EaseWeFtp.ocx' Insecure Method Vulnerability
References:
References:
- Easewe FTP OCX ActiveX Control (Easewe)