CVE-2014-0773

The BWOCXRUN.BwocxrunCtrl.1 control contains a method named <br /> “CreateProcess.” This method contains validation to ensure an attacker <br /> cannot run arbitrary command lines. After validation, the values <br /> supplied in the HTML are passed to the Windows CreateProcessA API.<br /> <br /> <br /> The validation can be bypassed allowing for running arbitrary command<br /> lines. The command line can specify running remote files (example: UNC <br /> command line).<br /> <br /> <br /> A function exists at offset 100019B0 of bwocxrun.ocx. Inside this <br /> function, there are 3 calls to strstr to check the contents of the user <br /> specified command line. If “\setup.exe,” “\bwvbprt.exe,” or <br /> “\bwvbprtl.exe” are contained in the command line (strstr returns <br /> nonzero value), the command line passes validation and is then passed to<br /> CreateProcessA.