27 July 2007, 15:04

Hole in Clever Internet ActiveX Suite control

The WebDAV control (clinetsuitex6.ocx) of the Clever Internet ActiveX Suite, contains a critical vulnerability that allows web pages to overwrite arbitrary files on a PC running the control. The control also allows attackers to load and store files in arbitrary locations.

These bugs in the WebDAV control, which supports collaborative editing and management of files, allow an attacker to store his own programs on the system and execute them, for instance via the autostart folder when the system is restarted. The cause of this problem is not a bug, but rather a design decision. The control is marked as "safe for scripting", although it grants full access to the file system to any web page. This flaw affects version 6.2 of the suite. An update has not been provided; the only workaround is to set the kill bit.

Channels

Services

Hole in Clever Internet ActiveX Suite control

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit