VID 28149
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description
The Windows host has the wodSFTP ActiveX control installed, which allows arbitrary access to the filesystem. The WeOnlyDo! SFTP (wodSFTP) ActiveX control is an ActiveX component that provides Secure File Transfer Protocol (SFTP) functionality to the application that uses it.

The wodSFTP ActiveX control is marked 'safe for scripting' via the IObjectSafety interface. This could allow a remote attacker to upload arbitrary files to a victim's system or download arbitrary files from a victim's system. These methods require no user interaction to complete.

By convincing a victim to view an HTML document (web page, HTML email, or email attachment), an attacker could download arbitrary files to a vulnerable system within the security context of the user running Microsoft Internet Explorer. These files could contain code that could be executed through other means. It may be possible for an attacker to leverage this vulnerability to gain complete control of the victim's system.

* References:
http://www.kb.cert.org/vuls/id/378604
http://www.frsirt.com/english/advisories/2006/2064

* Platforms Affected:
WeOnlyDo Software, wodSFTP ActiveX Component versions 3.0.3 and earlier
Microsoft Windows Any version
Recommendation No upgrade or patch available as of July 2006.

As a workaround, disable the use of the wodSFTP control by setting the kill bit as described in Microsoft Knowledge Base article 240797 (http://support.microsoft.com/kb/240797). The CLSID for the wodSFTP control is:
{6795FA0F-35C3-4BEB-B3AA-F19DB0B228EA}
Related URL CVE-2006-1175 (CVE)
Related URL 18192 (SecurityFocus)
Related URL 26752 (ISS)