HTTP Ultra Crypto SaveToFile ActiveX File Overwrite

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a file overwrite vulnerability through a method of the Ultra Crypto Component ActiveX control.

Additional Information

Ultra Crypto Component is an ActiveX component for encrypting and decrypting both strings and binary data.

The ActiveX Control is prone to a vulnerability that lets attackers overwrite arbitrary files with attacker-supplied content.

This issue resides in the control with a CLSID of FD22F3AE-1450-4BDC-ADBE-6AF210A78C2C, in the 'SaveToFile()' method of 'CryptoX.dll'.

The vulnerable method is used to download content from arbitrary URIs and save it in a local file. Reportedly, the software places no restrictions on where the content is retrieved from or where the file is saved locally.

An attacker can exploit this issue to overwrite files with arbitrary, attacker-controlled content. This will aid in further attacks.
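The kind of content check such a signature performs, sketched as an added example (not Symantec's signature and not code from this page): it flags an HTTP response body that instantiates the control by the CLSID given above and also calls `SaveToFile`. The sample bodies are constructed, and `ARG_PLACEHOLDER` stands in for method arguments, which this page does not document.

```python
import html
import re

# CLSID of the Ultra Crypto Component control, as given in this advisory.
CLSID = "FD22F3AE-1450-4BDC-ADBE-6AF210A78C2C"

# classid="clsid:..." in any letter case, with optional braces and loose whitespace.
CLASSID_RE = re.compile(
    r"classid\s*=\s*[\"']?\s*clsid\s*:\s*\{?\s*" + re.escape(CLSID) + r"\s*\}?",
    re.IGNORECASE,
)
# A call to the method named in the advisory, e.g. obj.SaveToFile( ... ).
METHOD_RE = re.compile(r"\.\s*SaveToFile\s*\(", re.IGNORECASE)

# Constructed sample response bodies (not captured traffic).
SAMPLES = {
    "exact": '<object classid="clsid:FD22F3AE-1450-4BDC-ADBE-6AF210A78C2C" id="x">'
             "</object><script>x.SaveToFile(ARG_PLACEHOLDER);</script>",
    "mixed_case_braces": "<OBJECT ID=x CLASSID='CLSID:{fd22f3ae-1450-4bdc-adbe-6af210a78c2c}'>"
                         "</OBJECT><script>x . savetofile (ARG_PLACEHOLDER)</script>",
    "control_only": '<object classid="clsid&#58;FD22F3AE-1450-4BDC-ADBE-6AF210A78C2C">'
                    "</object>",
    "other_control": '<object classid="clsid:00000000-0000-0000-0000-000000000000" id="d">'
                     "</object><script>d.SaveToFile(ARG_PLACEHOLDER)</script>",
}


def classify_body(body: str) -> str:
    """Return 'alert', 'suspicious' or 'clean' for one HTTP response body."""
    # Decode HTML entities first so an entity-encoded 'clsid&#58;' still matches.
    text = html.unescape(body)
    has_control = bool(CLASSID_RE.search(text))
    has_call = bool(METHOD_RE.search(text))
    if has_control and has_call:
        return "alert"       # control instantiated and SaveToFile invoked
    if has_control:
        return "suspicious"  # control instantiated, method not seen in this body
    return "clean"           # a SaveToFile call on some other object is not flagged


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name}: {classify_body(body)}")
```

A body that only loads the control is reported as `suspicious` rather than `clean` because the method call may arrive in a separate script resource.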

Affected

  • Ultra Shareware Ultra Crypto Component