[VIM] fyi Milw0rm ActiveX controls insecure methods by t0pP8uZz
str0ke
str0ke at milw0rm.com
Fri May 9 15:53:34 UTC 2008
Ya I didn't check these. Should have though. I am going to take them
down from the main page, but they will stay up at their current URLs.
/str0ke
JM Seitz wrote:
> Yeah not surprising, I doubt that str0ke wants to check each one of them
> as they come in :)
>
> Then again maybe a buffer overflow that gives you the same privileges as
> you already have is useful! :)
>
> JS
> Rob Keith wrote:
>
>> Hey, not sure if other VDBs discount these ActiveX controls when they
>> aren't marked safe for scripting? But here were our findings:
>>
>> There were 5 ActiveX issues posted to Milw0rm today by t0pP8uZz:
>>
>> Secure File Delete Wizard <= 2.0.0 ActiveX Insecure Methods Exploit
>> http://www.milw0rm.com/exploits/5573
>>
>> Registry Pro (epRegPro.ocx) Remote Insecure Methods Exploit
>> http://www.milw0rm.com/exploits/5572
>>
>> EvansFTP (EvansFTP.ocx) Remote Insecure Methods Exploit
>> http://www.milw0rm.com/exploits/5571
>>
>> aaxRegistry (aaxRegistry.ocx) Remote Registry Deletion Exploit
>> http://www.milw0rm.com/exploits/5570
>>
>> Univeral HTTP Image/File Upload ActiveX Remote File Deletion Exploit
>> http://www.milw0rm.com/exploits/5569
>>
>> I have installed all of the ActiveX controls mentioned above and none
>> of them was marked safe for scripting.
>>
>> Regards,
>> Adrian
>>
>>
>>
>
>
>
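The "marked safe for scripting" check discussed in this thread can be repeated from the registry; the following is an added example, not code from any poster or from Milw0rm. It assumes the control is registered on the machine and that you already know its CLSID (the function name and the CLSID in the usage comment are placeholders).

```powershell
# Added example: report how a registered ActiveX control is marked for
# use from script, by reading its component-category and kill-bit registry entries.
function Get-ActiveXScriptingSafety {
    param([Parameter(Mandatory)][string]$Clsid)

    # Component category IDs defined by Microsoft for ActiveX safety marking.
    $catSafeForScripting    = '{7DD95801-9882-11CF-9FA8-00AA00A4A029}'
    $catSafeForInitializing = '{7DD95802-9882-11CF-9FA8-00AA00A4A029}'
    $killBit = 0x400   # "Compatibility Flags" bit that stops IE loading the control

    $Clsid = $Clsid.Trim().ToUpper()
    if ($Clsid -notmatch '^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$') {
        throw "Not a CLSID in {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} form: $Clsid"
    }

    # 32-bit .ocx controls on 64-bit Windows register under Wow6432Node,
    # so check both registry views.
    foreach ($view in '', 'Wow6432Node\') {
        $clsKey = "Registry::HKEY_CLASSES_ROOT\${view}CLSID\$Clsid"
        if (-not (Test-Path -LiteralPath $clsKey)) { continue }

        $catKey = "$clsKey\Implemented Categories"
        $kbKey  = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\${view}Microsoft\" +
                  "Internet Explorer\ActiveX Compatibility\$Clsid"
        $flags  = (Get-ItemProperty -LiteralPath $kbKey -Name 'Compatibility Flags' `
                       -ErrorAction SilentlyContinue).'Compatibility Flags'
        $server = (Get-ItemProperty -LiteralPath "$clsKey\InprocServer32" `
                       -ErrorAction SilentlyContinue).'(default)'

        [pscustomobject]@{
            Clsid               = $Clsid
            View                = if ($view) { '32-bit (Wow6432Node)' } else { 'native' }
            Server              = $server
            SafeForScripting    = Test-Path -LiteralPath "$catKey\$catSafeForScripting"
            SafeForInitializing = Test-Path -LiteralPath "$catKey\$catSafeForInitializing"
            KillBitSet          = (($flags -band $killBit) -ne 0)
        }
    }
}

# Usage (placeholder CLSID, replace with the control's own):
# Get-ActiveXScriptingSafety -Clsid '{00000000-0000-0000-0000-000000000000}'
```

A control can also declare itself safe at run time through the IObjectSafety interface, which leaves no registry entry, so two `False` values here do not rule that out. No output at all means the CLSID is not registered in either view.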