[VIM] fyi Milw0rm ActiveX controls insecure methods by t0pP8uZz

JM Seitz jms at bughunter.ca
Fri May 9 15:24:46 UTC 2008


Yeah not surprising, I doubt that str0ke wants to check each one of them
as they come in :)

Then again maybe a buffer overflow that gives you the same privileges as
you already have is useful! :)

JS
Rob Keith wrote:
> Hey, not sure if other VDBs discount these ActiveX controls when they
> aren't marked safe for scripting? But here were our findings:
>
> There were 5 ActiveX issues posted to Milw0rm today by t0pP8uZz:
>
> Secure File Delete Wizard <= 2.0.0 ActiveX Insecure Methods Exploit
> http://www.milw0rm.com/exploits/5573
>
> Registry Pro (epRegPro.ocx) Remote Insecure Methods Exploit
> http://www.milw0rm.com/exploits/5572
>
> EvansFTP (EvansFTP.ocx) Remote Insecure Methods Exploit
> http://www.milw0rm.com/exploits/5571
>
> aaxRegistry (aaxRegistry.ocx) Remote Registry Deletion Exploit
> http://www.milw0rm.com/exploits/5570
>
> Univeral HTTP Image/File Upload ActiveX Remote File Deletion Exploit
> http://www.milw0rm.com/exploits/5569
>
> I have installed all of the ActiveX controls mentioned above and none
> of them was marked safe for scripting.
>
> Regards,
> Adrian
>
>


