CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS Percentile: 99.3%
Added: 12/19/2008
CVE: CVE-2008-0236
BID: 27205
OSVDB: 40380
Visual FoxPro is a tool for developing database applications.
The **vfp6r.dll** ActiveX control allows command execution when a user opens a web page which uses the **DoCmd** method.
Set the kill bit for class ID 008B6010-1F3D-11D1-B0C8-00A0C9055D74 as described in Microsoft Knowledge Base Article 240797.
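The mitigation above as an added PowerShell example (not part of the original advisory): it sets the kill bit, which is the `Compatibility Flags` DWORD value 0x400 documented in KB 240797, for the listed class ID in both the native and Wow6432Node registry views, then reports the resulting state. The function names are illustrative.

```powershell
# Added example: set and verify the Internet Explorer kill bit for the vfp6r.dll control.
# Run from an elevated PowerShell prompt. Function names are illustrative.
$Clsid   = '{008B6010-1F3D-11D1-B0C8-00A0C9055D74}'   # class ID from the advisory
$KillBit = 0x400                                      # kill bit in "Compatibility Flags" (KB 240797)
$Roots   = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit Internet Explorer on 64-bit Windows reads this view
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    # Report, per registry view, whether the control is blocked.
    foreach ($root in $Roots) {
        $key   = Join-Path $root $Clsid
        $prop  = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        $flags = $prop.'Compatibility Flags'
        [pscustomobject]@{
            Key     = $key
            Flags   = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { '(not set)' }
            Blocked = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
        }
    }
}

function Set-KillBit {
    foreach ($root in $Roots) {
        # Skip views that do not exist (no Wow6432Node on 32-bit Windows).
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        $prop    = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        $current = $prop.'Compatibility Flags'
        if ($null -eq $current) { $current = 0 }
        # OR the bit in so that any other compatibility flags already present are preserved.
        $new = $current -bor $KillBit
        New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord -Value $new -Force | Out-Null
    }
}

Set-KillBit
Get-KillBitState | Format-Table -AutoSize
```

A row with `Blocked` equal to `False` after the run means that registry view still allows Internet Explorer to instantiate the control.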
<http://secunia.com/advisories/28417/>
The exploit works on Visual FoxPro 6.0 and requires a user to load the exploit page in Internet Explorer.
In order for this exploit to succeed, first download the exploit.exe file from the exploit server and place it on the specified SMB share, which must be accessible by the target.
In order for the exploit to succeed, the exploit server must be in the Local intranet zone or in the Trusted sites zone on the target, and the option “Initialize and script ActiveX controls not marked as safe” must be set to “Enable”, because the affected ActiveX control is marked not safe.
Windows