[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Embarcadero ER/Studio XE2 Server Portal Tom Sawyer's Default GET Extension Factory ActiveX Control Remote Code Execution

See: CVE-2011-2217
reference url: http://www.securityfocus.com/bid/48099

The mentioned product is vulnerable to the same issue.

download url: https://downloads.embarcadero.com/free/er_studio_portal

ActiveX settings: 
ProgID: TomSawyer.DefaultExtFactory.
CLSID:  {658ED6E7-0DA1-4ADD-B2FB-095F08091118}
Binary path: D:\Program Files\Embarcadero\ERStudioPortal1.6\PortalIntf\tsgetx71ex553.dll
Safe for scripting (registry): true
Safe for initialize (registry): true


var obj = new ActiveXObject("TomSawyer.DefaultExtFactory.");

then the dll will try to call inside an unitialized memory region
which is reachable by an attacker through heap spray.