Computer Security


Rediff Bol Downloader ActiveX code download and execution
Published: 31.12.2006
Source:
SecurityVulns ID: 6984
Type: client
Threat Level: 5/10
Description: The ActiveX control allows any code to be uploaded and executed.
CVE: CVE-2007-1402 (The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank arguments.)
CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter.)
Original document: gregory_panakkal, [Full-disclosure] Rediff Bol Downloader ActiveX Allows Downloading and Spawning Arbitary Files (31.12.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod