Embarcadero ER/Studio XE2 Server Portal Tom Sawyer's Default GET Extension Factory ActiveX Control Remote Code Execution
- From: nospam@xxxxxxxx
- Date: Wed, 7 Sep 2011 01:43:41 GMT
reference url: http://www.securityfocus.com/bid/48099
The mentioned product is vulnerable to the same issue.
download url: https://downloads.embarcadero.com/free/er_studio_portal
Binary path: D:\Program Files\Embarcadero\ERStudioPortal1.6\PortalIntf\tsgetx71ex553.dll
Safe for scripting (registry): true
Safe for initialize (registry): true
var obj = new ActiveXObject("TomSawyer.DefaultExtFactory.18.104.22.168.VS7.1");
then the dll will try to call inside an unitialized memory region
which is reachable by an attacker through heap spray.
- Prev by Date: Arbitrary File Upload in '1 Flash Gallery' Wordpress Plugin
- Next by Date: XSS in Zikula
- Previous by thread: Arbitrary File Upload in '1 Flash Gallery' Wordpress Plugin
- Next by thread: XSS in Zikula