NBActiveX Sure ActiveX Big Vulnerability

From: Webmaster, Lorenzo Hernandez Garcia-Hierro (webmasterat_private)
Date: Sat Nov 16 2002 - 08:12:00 PST

Next message: Martin Schulze: "[SECURITY] [DSA 197-1] New sqwebmail packages fix local information exposure"

Previous message: Matthew Murphy: "[VulnWatch] LiteServe URL Decoding DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

*******************************
Lorenzo Hernandez garcia-hierro
Webmaster of LORENZOHGH.COM
LHGHPRODS PROGRAMACIÓN TIENDA ONLINE.
*******************************
NBActiveX Sure ActiveX New Vulnerability

Dear firends,

INTODUCTION
This vulnerability is an important failure because the malicious code writed 
in NeoBook 4 can be executed out of permission and silent. NBActiveX.ocx is a 
AtiveX control for execute programms created and designed for the web with Neo 
Book 4 (the best author multimedia software)the vulnerability is in the form 
that NBActiveX.ocx is identificated throw the MSIE ActiveX Control Validator 
or system of security control and the MSI validate with sure calification the 
activex but no checking the routines.

METHOD

1.If you create a programm and select in compilation mode Distribution Mode> 
Web Navigator , NeoBook 4 compiles a file called [nameofproject].prg and a 
[nameofproject].htm the NBActiveX.ocx is publicated with that files in the 
server and the HTM file is the "wrap" of the .prg file and the server activex 
NBActiveX.ocx .

2.type the URL for the HTM File and wait,my example was based on a programm 
that writes a file called Win32DLL.vbs in %ROOT% normally c:\ and in another 
pixel run another programm created with neobook too , this programm run 
finally the script .vbs and the script run MsgBox("Hello World") but the file 
can be all types of files like patch.exe (Netbus slave) or any.
 
THE PROBLEM

Neo Book 4 allow to insert any tipes of files in your project for wrap (like 
eliteWrap) it an execute or save,rename,put attrb and all the commands 
possible in win32.
The only possible solution is setting off the activeX execution (please don´t 
laught.).

FILES ENCOUNTERED THE PROBLEM:
NBActiveX.ocx  -The famous dangerous ActiveX-
[nameofproject].prg -The programm wrap-
[nameofproject].HTM -the NBActiveX and wrapper executor-

ABOUT ME:

My name is Lorenzo Hernandze GARCIA-HIERRO and i'm 13 old , i live in madrid 
in spain  and i use linux in two of my 3 computers (i break some windows, 
don't laught!!!)my telephone number (mobile) +34676001011.
-----------------------------------------------------
Me http://lorenzohgh.com
or me project of linux http://lorenzohgh.com/linux 
My nick geniemgh : http://ciberia.ya.com/geniemgh 
-----------------------------------------------------
PLEASE RESPOND ME WITH THE answer.
PLEASE TAKE CARE WITH THIS IMPORTANT AND DANGEROUS VULNERABILITY BECAUSE I 
CREATE A VIRUS IN VBS SCRIPT AN A TROJAN WRAPPER (ELITE WRAP) AND THE EFFECTS 
ARE CATASTROFIC AND VERY QUICKLY (IN A P2 LIKE 10 SECONDS FOR TOTAL INFECTION 
AND FILE REPLACE WITH A 56 MODEM) 

PLEASE CHECK THIS BECUSE IF YOU THINK THE POSSIBILITIES ARE INFINITE AND IF 
YOU RUN IT ON A IIS.... ALL THE DATA ARE FOR ANY WITH TROJAN ACCESS.

Next message: Martin Schulze: "[SECURITY] [DSA 197-1] New sqwebmail packages fix local information exposure"
Previous message: Matthew Murphy: "[VulnWatch] LiteServe URL Decoding DoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Nov 18 2002 - 01:21:23 PST