[VIM] fyi Milw0rm ActiveX controls insecure methods by t0pP8uZz
Rob Keith
rkeith at securityfocus.com
Fri May 9 15:15:34 UTC 2008
Hey, not sure if other VDBs discount these ActiveX controls when they
aren't marked safe for scripting? But here were our findings:
There were 5 ActiveX issues posted to Milw0rm today by t0pP8uZz:
Secure File Delete Wizard <= 2.0.0 ActiveX Insecure Methods Exploit
http://www.milw0rm.com/exploits/5573
Registry Pro (epRegPro.ocx) Remote Insecure Methods Exploit
http://www.milw0rm.com/exploits/5572
EvansFTP (EvansFTP.ocx) Remote Insecure Methods Exploit
http://www.milw0rm.com/exploits/5571
aaxRegistry (aaxRegistry.ocx) Remote Registry Deletion Exploit
http://www.milw0rm.com/exploits/5570
Univeral HTTP Image/File Upload ActiveX Remote File Deletion Exploit
http://www.milw0rm.com/exploits/5569
I have installed all of the ActiveX controls mentioned above and none of
them was marked safe for scripting.
Regards,
Adrian
--
Rob Keith
Symantec
More information about the VIM
mailing list