[VIM] Remote File Inclusion: it's not just for PHP anymore

Steven M. Christey coley at mitre.org
Mon Jul 30 16:31:07 UTC 2007

I thought this was interesting:


It's an ActiveX control with an absolute path traversal vulnerability,
probably stemming from unrestricted/unauthenticated access to a
powerful method (these kinds of problems are giving me minor fits in
terms of how to classify them).

The "GetToFile" method apparently accepts a URL and a target filename
as arguments.

Come to think of it, I bet you see this in a lot of ActiveX controls
that either (1) perform installation or updates for a product, or (2)
do a lot of heavy file transfers back and forth.

- Steve

More information about the VIM mailing list