Vulnerabilities > CVE-2009-0218 - Remote Code Execution vulnerability in Particle Software IntraLaunch ActiveX Control

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
ldra
particlesoftware
critical
NVD
Published: 2009-04-13
Updated: 2017-08-08

Summary

Insecure method vulnerability in Particle Software IntraLaunch Application Launcher ActiveX control in IntraLaunch.ocx, as used in LDRA TBbrowse and possibly other products, allows remote attackers to execute arbitrary code via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Ldra
1
Application
Particlesoftware
1

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 34395 CVE(CAN) ID: CVE-2009-0218 IntraLaunch ActiveX控件允许网页链接本地或跨网络执行Word或PDF等文档所关联的应用程序。 IntraLaunch ActiveX控件(由IntraLaunch.ocx提供)没有限定到特定的域或Internet Explorer区,这允许任何站点都可以在安装了该控件的系统上通过调用该控件导致运行任意代码。 Particle Software IntraLaunch Particle Software ----------------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: <a href=http://www.particlesoftware.com/en/index.html target=_blank rel=external nofollow>http://www.particlesoftware.com/en/index.html</a>
idSSV:5013
last seen2017-11-19
modified2009-04-08
published2009-04-08
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-5013
titleIntraLaunch ActiveX控件多个方式不安全调用漏洞

References