Rediff Bol Downloader ActiveX code download and execution

[EN] securityvulns.ru
no-pyccku

Rediff Bol Downloader ActiveX code download and execution
Published: 31.12.2006
Source: FULL-DISCLOSURE
SecurityVulns ID: 6984
Type: client
Level: 5/10
Description: ActiveX element allow to upload and execute any code.

CVE: CVE-2007-1402 (The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank arguments.)
CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter.)

Original document gregory_panakkal, [Full-disclosure] Rediff Bol Downloader ActiveX Allows Downloading and Spawning Arbitary Files (31.12.2006)

Discuss: Read or add your comments to this news (1 comments)