
Zune software - arbitrary file overwrite






Vulnerability class : Arbitrary file overwrite
Discovery date : 21 April 2008
Remote : Yes
Credits : J. Bachmann & B. Mariani from ilion Research Labs
Vulnerable : Zune software: EncProfile2 Class

An arbitrary file overwrite has been discovered in an ActiveX control installed with the Zune software package.
If a user visits the malicious page and authorizes the control to run (it is not marked safe for scripting), the attacker can erase an arbitrary file.

POC:
