CVE-2009-3573

EMC Captiva PixTools Distributed Imaging <2.2 - File Creation/Overw...

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3573. PoCs published by Giuseppe Fuggiano.

AI-analyzed exploit summary This exploit leverages insecure methods in the EMC Captiva PixTools ActiveX control to create or overwrite arbitrary local files, potentially leading to arbitrary code execution. The PoC demonstrates file write capabilities via the SetLogFileName and WriteToLog methods.

Description

Multiple insecure method vulnerabilities in the PDIControl.PDI.1 ActiveX control (PDIControl.dll) 2.2.3160.0 in EMC Captiva PixTools Distributed Imaging 2.2 allow remote attackers to create or overwrite arbitrary files via the (1) SetLogFileName and (2) WriteToLog methods.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Giuseppe Fuggiano · htmlremotewindows

https://www.exploit-db.com/exploits/33263

View Code ZIP pw:eip

This exploit leverages insecure methods in the EMC Captiva PixTools ActiveX control to create or overwrite arbitrary local files, potentially leading to arbitrary code execution. The PoC demonstrates file write capabilities via the SetLogFileName and WriteToLog methods.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: EMC Captiva PixTools Distributed Imaging ActiveX control (PDIControl.dll 2.2.3160.0)

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · ActiveX control must be installed and enabled

MITRE ATT&CK