CVE-2007-2644

Morovia Barcode ActiveX Pro 3.3.1304 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2644. PoCs published by shinnai.

AI-analyzed exploit summary This exploit leverages an arbitrary file overwrite vulnerability in Morovia Barcode ActiveX Professional 3.3 (build 1304) by abusing the Save method to overwrite the system.ini file, potentially causing system instability. The PoC is delivered via an HTML page with embedded VBScript and requires user interaction (clicking a button).

Description

A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3.1304 allows remote attackers to overwrite arbitrary files by calling the Save method with an arbitrary filename.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/3899

View Code ZIP pw:eip

This exploit leverages an arbitrary file overwrite vulnerability in Morovia Barcode ActiveX Professional 3.3 (build 1304) by abusing the Save method to overwrite the system.ini file, potentially causing system instability. The PoC is delivered via an HTML page with embedded VBScript and requires user interaction (clicking a button).

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Morovia Barcode ActiveX Professional 3.3 (build 1304)

No auth needed

Prerequisites: Victim must open the malicious HTML file in Internet Explorer · ActiveX control must be installed and enabled

MITRE ATT&CK