Threat Encyclopedia

MS.Rich.TextBox.Control.Insecure.Method

description-logoDescription

This indicates an attack attempt to exploit a remote File Inclusion vulnerability in Microsoft Rich TextBox.
The vulnerability, which is located in the "RICHTX32.OCX" ActiveX control, can be exploited through misuse of a vulnerable method "SaveFile". An attacker can exploit this by tricking an unsuspecting user into visiting a malicious webpage and can overwrite or create arbitrary file within the context of the application.

affected-products-logoAffected Products

Microsoft Rich TextBox Control 6.0

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch or updates available for this issue.

CVE References

CVE-2008-0237