-------------------------------------------------------------------------------------------------
 Clever Internet ActiveX Suite 6.2 (CLINETSUITEX6.OCX) Arbitrary file download/overwrite Exploit
 url: http://www.clevercomponents.com/home/news.asp

 author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://shinnai.altervista.org
 
 Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
 all software that use this ocx are vulnerable to this exploits.

 This control is marked as
 RegKey Safe for Script: True
 RegKey Safe for Init: True
 Implements IObjectSafety: True
 IDisp Safe:  Safe for untrusted: caller, data
 IPStorage Safe:  Safe for untrusted: caller,data

 Using the "GetToFile" method, you can download everything you want on a pc. This
 exploit just download a txt file on pc, I try to overwrite cmd.exe and it works.
-------------------------------------------------------------------------------------------------








# milw0rm.com [2007-07-25]