CVE-2009-3860

COMRaider - File Creation/Overwrite

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3860. PoCs published by Khashayar Fereidani.

AI-analyzed exploit summary: This Perl script generates an HTML file exploiting CVE-2009-3860, which abuses insecure methods in the iDefense COMRaider ActiveX control to create arbitrary directories and copy files, potentially leading to a denial-of-service condition.

Description

Multiple insecure method vulnerabilities in iDefense Labs COMRaider allow remote attackers to create or overwrite arbitrary files via the (1) CreateFolder and (2) Copy methods. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Khashayar Fereidani · perl · remote · windows
https://www.exploit-db.com/exploits/33089

Classification: Working PoC (90%)
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: iDefense COMRaider ActiveX control
No auth needed
Prerequisites: Victim must have the vulnerable ActiveX control installed and enabled · Attacker must deliver the generated HTML file to the victim
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/505042/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35725

Scores

EPSS 0.0183
EPSS Percentile 76.1%

Details

CWE: CWE-264
Status: published
Products (1): idefense/comraider
Published: Nov 04, 2009
Tracked Since: Feb 18, 2026