CVE-2009-0389

Name of the Vulnerable Software and Affected Versions WOW ActiveX versions 2

Description The issue concerns multiple insecure methods in the Web On Windows (WOW) ActiveX control. Remote attackers can create and overwrite arbitrary files using the WriteIniFileString method, execute arbitrary programs via the ShellExecute method, read from the registry, and write to the registry. It is also possible to use these methods together to execute arbitrary code.

Recommendations For WOW ActiveX version 2, consider disabling the WriteIniFileString and ShellExecute methods to prevent exploitation until a fix is available. Restrict access to the registry to minimize the risk of unauthorized modifications. Avoid using the WOW ActiveX control for sensitive operations until the issue is resolved.