CVE-2009-0389

Web On Windows ActiveX 2 - Arbitrary File Write and Code Execution via WriteIniFileString and ShellExecute Methods

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0389. PoCs published by Michael Brooks.

AI-analyzed exploit summary This exploit leverages an insecure ActiveX control in WOW - Web On Windows to write a malicious batch file to the system and execute it, achieving remote code execution. The vulnerability arises from improper access controls in the ActiveX control, allowing arbitrary file creation and execution.

Description

Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Michael Brooks · htmlremotewindows

https://www.exploit-db.com/exploits/7910

View Code ZIP pw:eip

This exploit leverages an insecure ActiveX control in WOW - Web On Windows to write a malicious batch file to the system and execute it, achieving remote code execution. The vulnerability arises from improper access controls in the ActiveX control, allowing arbitrary file creation and execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WOW - Web On Windows ActiveX Control 2

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · ActiveX control must be registered and enabled in Internet Explorer

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →