CVE-2007-4982

MW6 QRCode ActiveX < 3.0.0.1 - Arbitrary File Write via SaveAsBMP or SaveAsWMF Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4982. PoCs published by shinnai.

AI-analyzed exploit summary This exploit leverages unsafe methods in MW6QRCode.dll to overwrite arbitrary files via SaveAsBMP() or SaveAsWMF(). It demonstrates file corruption in the context of the logged-on user.

Description

Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/4420

View Code ZIP pw:eip

This exploit leverages unsafe methods in MW6QRCode.dll to overwrite arbitrary files via SaveAsBMP() or SaveAsWMF(). It demonstrates file corruption in the context of the logged-on user.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: MW6 Technologies QRCode ActiveX 3.0 (MW6QRCode.dll)

No auth needed

Prerequisites: Victim must visit a malicious webpage with Internet Explorer · ActiveX control must be installed and not kill-bit set

MITRE ATT&CK