Vulnerability class : Arbitrary file overwrite
Discovery date : 21 April 2008
Remote : Yes
Credits : J. Bachmann & B. Mariani from ilion Research Labs
Vulnerable : Zune software: EncProfile2 Class

An arbitrary file overwrite has been discovered in an ActiveX control installed with the Zune software package.
If a user visits a malicious page and authorizes the control to run (it is not marked safe for scripting), the attacker can erase an arbitrary file.

POC: