CVE-2008-1605

LEADTOOLS Multimedia Toolkit <15 - File Overwrite

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1605. PoCs published by shinnai.

AI-analyzed exploit summary This exploit leverages an arbitrary file overwrite vulnerability in LEADTOOLS Multimedia ActiveX controls. By enticing a victim to view a malicious HTML page, an attacker can overwrite files on the victim's system in the context of the vulnerable application (typically Internet Explorer).

Description

The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · htmlremotewindows

https://www.exploit-db.com/exploits/31534

View Code ZIP pw:eip

This exploit leverages an arbitrary file overwrite vulnerability in LEADTOOLS Multimedia ActiveX controls. By enticing a victim to view a malicious HTML page, an attacker can overwrite files on the victim's system in the context of the vulnerable application (typically Internet Explorer).

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: LEADTOOLS Multimedia 15

No auth needed

Prerequisites: Victim must visit a malicious webpage · ActiveX controls must be enabled in the victim's browser

MITRE ATT&CK