Liquid XML Studio 2012 ActiveX Control Insecure Method Vulnerability
BID:58687
Info
Liquid XML Studio 2012 ActiveX Control Insecure Method Vulnerability
| Bugtraq ID: | 58687 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 25 2013 12:00AM |
| Updated: | Mar 25 2013 12:00AM |
| Credit: | Dr_IDE |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Liquid XML Studio 2012 ActiveX Control Insecure Method Vulnerability
Liquid XML Studio is prone to a vulnerability caused by an insecure method that lets attackers overwrite files with arbitrary, attacker-controlled content.
Successfully exploiting this issue allows remote attackers to overwrite arbitrary files in the context of the application (typically Internet Explorer) that is using the ActiveX control.
Liquid XML Studio is prone to a vulnerability caused by an insecure method that lets attackers overwrite files with arbitrary, attacker-controlled content.
Successfully exploiting this issue allows remote attackers to overwrite arbitrary files in the context of the application (typically Internet Explorer) that is using the ActiveX control.
Exploit / POC
Liquid XML Studio 2012 ActiveX Control Insecure Method Vulnerability
To exploit this issue an attacker must entice an unsuspecting victim to view a malicious Web page.
The following exploit code is available:
To exploit this issue an attacker must entice an unsuspecting victim to view a malicious Web page.
The following exploit code is available:
Solution / Fix
Liquid XML Studio 2012 ActiveX Control Insecure Method Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].