[VIM] fyi Milw0rm ActiveX controls insecure methods by t0pP8uZz

JM Seitz jms at bughunter.ca
Fri May 9 15:24:46 UTC 2008

Yeah not surprising, I doubt that str0ke wants to check each one of them
as they come in :)

Then again maybe a buffer overflow that gives you the same privileges as
you already have is useful! :)

Rob Keith wrote:
> Hey, not sure if other VDBs discount these ActiveX controls when they
> aren't marked safe for scripting? But here were our findings:
> There were 5 ActiveX issues posted to Milw0rm today by t0pP8uZz:
> Secure File Delete Wizard <= 2.0.0 ActiveX Insecure Methods Exploit
> http://www.milw0rm.com/exploits/5573
> Registry Pro (epRegPro.ocx) Remote Insecure Methods Exploit
> http://www.milw0rm.com/exploits/5572
> EvansFTP (EvansFTP.ocx) Remote Insecure Methods Exploit
> http://www.milw0rm.com/exploits/5571
> aaxRegistry (aaxRegistry.ocx) Remote Registry Deletion Exploit
> http://www.milw0rm.com/exploits/5570
> Univeral HTTP Image/File Upload ActiveX Remote File Deletion Exploit
> http://www.milw0rm.com/exploits/5569
> I have installed all of the ActiveX controls mentioned above and none
> of them was marked safe for scripting.
> Regards,
> Adrian

More information about the VIM mailing list