HTTP Zenturi ProgramChecker DownloadUrl ActiveX File Overwrite

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a file overwrite/delete vulnerability by passing special arguments into a method of the Zenturi ProgramChecker ActiveX control.

Additional Information

Zenturi ProgramChecker ActiveX controls are utility programs designed for use on Microsoft Windows.

Zenturi ProgramChecker ActiveX control is prone to a vulnerability that could permit an attacker to delete or overwrite arbitrary files. The attacker can use the 'DownloadFile' method to delete an attacker-specified file or to overwrite the file with arbitrary data. This issue affects the ActiveX control with the CLSID of: {59DBDDA6-9A80-42A4-B824-9BC50CC172F5}

The attacker can exploit this issue to delete or overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). This may cause denial-of-service conditions, and may also allow the attacker to execute arbitrary code on the victim's computer, which may facilitate a remote compromise.

NOTE: This issue was previously discussed in BID 24217 (Zenturi ProgramChecker SASATL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities), but has been assigned its own record because it is a different vulnerability.
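
The following is an added example, not Symantec's signature logic: a sketch of a content match that flags HTTP response bodies which reference the CLSID above and call the 'DownloadFile' method. The classification labels, the normalization step and the sample bodies are assumptions constructed for illustration.

```python
import html
import re

# CLSID and method name come from the advisory text; everything else is illustrative.
CLSID = "59DBDDA6-9A80-42A4-B824-9BC50CC172F5"
CLSID_RE = re.compile(r"clsid:\s*\{?" + re.escape(CLSID) + r"\}?", re.IGNORECASE)
METHOD_RE = re.compile(r"\.\s*DownloadFile\s*\(", re.IGNORECASE)
# Adjacent string literals joined with '+', which can split a CLSID across literals.
CONCAT_RE = re.compile(r"[\"']\s*\+\s*[\"']")


def normalize(body: str) -> str:
    """Undo HTML entity encoding and simple string concatenation before matching."""
    return CONCAT_RE.sub("", html.unescape(body))


def classify(body: str) -> str:
    """Return 'alert', 'review' or 'clean' for one HTTP response body."""
    text = normalize(body)
    has_control = bool(CLSID_RE.search(text))
    has_call = bool(METHOD_RE.search(text))
    if has_control and has_call:
        return "alert"    # control referenced and the named method invoked
    if has_control:
        return "review"   # control referenced, no call seen in this body
    return "clean"        # a bare DownloadFile call on some other object is not flagged


# Constructed sample bodies (not captured traffic); method arguments are elided.
SAMPLES = {
    "direct": '<object id="pc" classid="clsid:59DBDDA6-9A80-42A4-B824-9BC50CC172F5"></object>'
              "<script>pc.DownloadFile(/* arguments elided */);</script>",
    "split": "<script>document.write('<object id=\"pc\" classid=\"clsid:59DBDDA6-' + "
             "'9A80-42A4-B824-9BC50CC172F5\"></object>');</script>",
    "entity": '<object classid="clsid:&#123;59dbdda6-9a80-42a4-b824-9bc50cc172f5&#125;"></object>',
    "unrelated": '<script>helper.DownloadFile("report.pdf");</script>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:10s} {classify(body)}")
```

A plain substring match on the CLSID would miss the "split" and "entity" samples, which is why the body is normalized before matching.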

Affected

  • Zenturi Zenturi ProgramChecker ActiveX Control

Response

Download and install all vendor patches related to this vulnerability.