CVE-2009-0134

EasyGrid.SGCtrl.32 ActiveX 1.0.0.1 - Arbitrary File Write via DoSaveFile or DoSaveHtmlFile Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0134. PoCs published by Houssamix.

AI-analyzed exploit summary This exploit leverages a vulnerability in AAA EasyGrid ActiveX (CVE-2009-0134) to overwrite arbitrary files on the target system via the DoSaveFile method. The PoC demonstrates file overwrite by creating a file at c:\hsmx.txt when the button is clicked in Internet Explorer.

Description

Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1) DoSaveFile or (2) DoSaveHtmlFile method. NOTE: vector 1 could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Houssamix · htmlremotewindows

https://www.exploit-db.com/exploits/7779

View Code ZIP pw:eip

This exploit leverages a vulnerability in AAA EasyGrid ActiveX (CVE-2009-0134) to overwrite arbitrary files on the target system via the DoSaveFile method. The PoC demonstrates file overwrite by creating a file at c:\hsmx.txt when the button is clicked in Internet Explorer.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: AAA EasyGrid ActiveX v3.51

No auth needed

Prerequisites: Target must have AAA EasyGrid ActiveX v3.51 installed · Target must open the exploit in Internet Explorer · Target must interact with the button

MITRE ATT&CK

T1221 - Template Injection T1204 - User Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →