CVE-2009-0465

Synactis ALL In-The-Box ActiveX 3 - File Write

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0465. PoCs published by DSecRG.

AI-analyzed exploit summary This exploit leverages a null byte injection vulnerability in the Synactis All_IN_THE_BOX ActiveX control's SaveDoc() method to overwrite arbitrary files on the target system. The PoC demonstrates overwriting boot.ini by appending a null byte to bypass the default file extension enforcement.

Description

The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box filename extension, as demonstrated by a C:\boot.ini\0 argument.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DSecRG · textremotewindows

https://www.exploit-db.com/exploits/7928

View Code ZIP pw:eip

This exploit leverages a null byte injection vulnerability in the Synactis All_IN_THE_BOX ActiveX control's SaveDoc() method to overwrite arbitrary files on the target system. The PoC demonstrates overwriting boot.ini by appending a null byte to bypass the default file extension enforcement.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Synactis All_IN_THE_BOX ActiveX Control (ALL_IN_THE_BOX.OCX) version 3

No auth needed

Prerequisites: Target system must have the vulnerable ActiveX control installed · Attacker must deliver the exploit via a malicious webpage or HTML file

MITRE ATT&CK

T1221 - Template Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →