1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MS Rich TextBox ActiveX File Overwrite

HTTP MS Rich TextBox ActiveX File Overwrite

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempt to exploit a file overwrite vulnerability by passing specially crafted arguments into a method of Microsoft Rich TextBox ActiveX Control.

Additional Information

Microsoft Rich TextBox Control is an ActiveX control used to display, enter, and format text.

Microsoft Rich TextBox Control is prone to a vulnerability that allows attackers to create or overwrite arbitrary data with the privileges of the application using the control (typically Internet Explorer).

This issue affects the 'SaveFile()' method of the 'richtx32.ocx' ActiveX control (CLSID: B617B991-A767-4F05-99BA-AC6FCABB102E).

Successful exploits will compromise affected computers or cause denial of service conditions; other attacks are possible.


  • Microsoft Rich TextBox Control 6.0


Download and install all vendor patches related to this vulnerability.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube