I'd like to report an undisclosed vulnerability I found in a very commonly used Radiology Software during a pentest in a Hospital.
Technical details:
To work propery the application installs a cab file called prjkillhome.cab containing our ActiveX control.
Using ComRaider we can see that this control uses a potentially noxious function called OpenShell.
By creating an html document that invokes it it's been possible to exploit it to run arbitrary code on the victim machine.
Following is a PoC that spawn calc.exe
No comments:
Post a Comment