NBAciveX Sure ActiveX Big Vulnerability

Date: 2007.10.30
Credit: Webmaster, Lorenzo Hernandez Garcia-Hierro
CVE: CVE-2002-2352
Risk: Medium
CWE: N/A

Vulnerability Details

CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10
- Attack Complexity: Medium
- Authentication: Not required
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: None

Summary

This vulnerability allows malicious code written in NeoBook 4 to be executed silently and without permission through the NBAciveX.ocx ActiveX control. The vulnerability is identified through the MSIE ActiveX Control Validator (its security control system): the validator gives the ActiveX control a "sure" qualification but does not check its routines.

Method

1. Distribution Mode: When a program is created in NeoBook 4 with the distribution mode set to Web Navigator, the .prg and .htm files are generated. NBAciveX.ocx is published with these files on the server.
2. HTM File Execution: Typing the URL of the HTM file executes the malicious script (e.g., Win32DLL.vbs) and runs a message box or any other file, such as a Netbus slave.

The Problem

NeoBook 4 allows any file type to be inserted into the project for execution, saving, renaming, attribute changes, etc. The only solution is to disable ActiveX execution.

Affected Files

- NBAciveX.ocx: The dangerous ActiveX control.
- [nameofproject].prg: The program wrapper.
- [nameofproject].HTM: The NBAciveX and wrapper executor.

Important Note

The author warns that this vulnerability is dangerous and can be used to create viruses, trojans, and cause catastrophic effects. Users are advised to be cautious and check for any potential trojan access.
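
To check which clients actually loaded such a package, the following added example (not part of the original advisory) correlates web proxy log entries and reports clients that successfully fetched the control, a .prg wrapper and the same-named .htm page from one directory. The log format, host names and addresses are constructed for illustration; only the file names come from the advisory.

```python
from collections import defaultdict
from urllib.parse import urlsplit
import posixpath

CONTROL = "nbacivex.ocx"  # control file name as spelled in the advisory, lowercased

# Constructed sample proxy log: "<time> <client> <method> <url> <status>"
SAMPLE_LOG = """\
2007-10-30T10:00:01 10.0.0.5 GET http://site.example/demo/game.HTM 200
2007-10-30T10:00:02 10.0.0.5 GET http://site.example/demo/NBAciveX.ocx 200
2007-10-30T10:00:03 10.0.0.5 GET http://site.example/demo/game.prg 200
2007-10-30T10:01:10 10.0.0.9 GET http://site.example/demo/game.HTM 200
2007-10-30T10:02:00 10.0.0.7 GET http://other.example/files/notes.prg 200
2007-10-30T10:02:05 10.0.0.5 GET http://blocked.example/x/NBAciveX.ocx 403
"""

def find_exposures(log_text):
    """Return sorted (client, site_dir, project) tuples where one client
    successfully fetched the control, a .prg wrapper and the same-named .htm."""
    seen = defaultdict(lambda: {"ocx": False, "prg": set(), "htm": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[4] != "200":
            continue  # malformed line, or the file was not delivered
        client, url = parts[1], parts[3]
        u = urlsplit(url)
        directory, name = posixpath.split(u.path)
        # Compare case-insensitively: the advisory itself mixes .htm and .HTM
        stem, ext = posixpath.splitext(name.lower())
        entry = seen[(client, u.netloc.lower() + directory)]
        if name.lower() == CONTROL:
            entry["ocx"] = True
        elif ext == ".prg":
            entry["prg"].add(stem)
        elif ext == ".htm":
            entry["htm"].add(stem)
    hits = []
    for (client, site_dir), e in seen.items():
        if e["ocx"]:
            # [nameofproject].prg and [nameofproject].HTM share a base name
            hits.extend((client, site_dir, p) for p in e["prg"] & e["htm"])
    return sorted(hits)

if __name__ == "__main__":
    for client, site_dir, project in find_exposures(SAMPLE_LOG):
        print(f"{client} loaded NeoBook package '{project}' from {site_dir}")
```

A client that requested only the .HTM page (10.0.0.9 in the sample) is not reported, which is what the log looks like when ActiveX execution is disabled and the control and wrapper are never downloaded.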