Bloomoo · Bloomooweb Activex Control · CVE-2006-5658
Name of the Vulnerable Software and Affected Versions:
BlooMooWeb ActiveX control (AidemATL.dll) (affected versions not specified)
Description:
The control allows remote attackers to perform several malicious actions: downloading arbitrary files via a URL in the `bstrUrl` parameter to the `BW_DownloadFile` method, executing arbitrary local files via a file path in the `bstrParams` parameter to the `BW_LaunchGame` method, and deleting arbitrary files via a file path in the `filePath` parameter to the `BW_DeleteTempFile` method.
Recommendations:
As a temporary workaround, consider disabling the `BW_DownloadFile`, `BW_LaunchGame`, and `BW_DeleteTempFile` methods until a patch is available.
Restrict access to the `bstrUrl`, `bstrParams`, and `filePath` parameters to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.