Arbitrary Ruby Code Execution in ActiveScriptRuby (ASR) via Crafted HTML Document

Arbitrary Ruby Code Execution in ActiveScriptRuby (ASR) via Crafted HTML Document

CVE-2012-1241 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document.

Learn more about our Web Application Penetration Testing UK.