CVE-2006-5658 in BlooMooWeb ActiveX control

Summary

by MITRE

BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to (1) download arbitrary files via a URL in the bstrUrl parameter to the BW_DownloadFile method, (2) execute arbitrary local files via a file path in the bstrParams parameter to the BW_LaunchGame method, and (3) delete arbitrary files via a file path in the filePath parameter to the BW_DeleteTempFile method.


Analysis

by VulDB Data Team • 04/26/2026

The CVE-2006-5658 vulnerability resides within the BlooMooWeb ActiveX control, specifically the AidemATL.dll component, which represents a critical security flaw in legacy web application architecture. This vulnerability affects systems running the BlooMooWeb software and exposes users to multiple attack vectors through improper input validation within three distinct methods of the ActiveX control. The vulnerability is particularly concerning as it demonstrates how ActiveX controls can be exploited to perform unauthorized operations on vulnerable systems, creating a significant risk for end users who may unknowingly interact with malicious web content. The control operates within the Microsoft Windows environment and leverages ActiveX technology to provide web-based functionality, making it susceptible to exploitation through web browsers that support ActiveX controls.

The technical exploitation of this vulnerability occurs through three specific methods that lack proper input sanitization and validation mechanisms. The BW_DownloadFile method accepts a URL in the bstrUrl parameter, allowing remote attackers to download arbitrary files from any accessible web server, potentially including malicious payloads that can be executed on the victim's system. The BW_LaunchGame method with the bstrParams parameter enables execution of arbitrary local files, bypassing normal system security restrictions and potentially allowing attackers to run malware or system commands with the privileges of the user. The BW_DeleteTempFile method accepts a file path in the filePath parameter, enabling attackers to delete arbitrary files from the system, potentially causing data loss or disrupting system functionality. These three methods collectively create a comprehensive attack surface that allows for remote code execution, data theft, and system disruption.

The operational impact of this vulnerability extends beyond simple exploitation to encompass significant security implications for enterprise and individual users. Attackers can leverage this vulnerability to establish persistent access to compromised systems, as the ability to download files enables the delivery of additional malicious components, while the file execution capability allows for privilege escalation and system compromise. The file deletion functionality can be used to destroy critical system files or data, creating denial of service conditions or data loss scenarios that can severely impact business operations. Organizations running systems with the BlooMooWeb ActiveX control are particularly vulnerable to targeted attacks, as these controls are often installed on user workstations and may not be regularly updated or patched, creating persistent attack vectors that can be exploited by threat actors. The vulnerability's exploitation typically requires user interaction with malicious web content, making social engineering attacks more effective.

Mitigation strategies for CVE-2006-5658 should focus on immediate removal of the vulnerable ActiveX control from affected systems, as this represents the most effective solution given the severity of the vulnerability. System administrators should implement browser security policies that disable ActiveX controls or restrict their functionality, particularly in enterprise environments where multiple users may be exposed to potentially malicious content. The vulnerability aligns with CWE-20, which addresses improper input validation, and CWE-73, which covers external control of file name or path, both of which are directly applicable to the three attack vectors present in this vulnerability. Additionally, organizations should consider implementing network-based security controls such as web application firewalls and content filtering systems to prevent access to known malicious domains that could be used to deliver exploit payloads. The ATT&CK framework categorizes this vulnerability under T1190, which covers Exploit Public-Facing Application, and T1059, which covers Command and Scripting Interpreter, as the vulnerability enables both application exploitation and command execution capabilities. Regular system patching and security awareness training for users can help prevent exploitation of this vulnerability, though the most effective long-term solution remains the complete removal of the vulnerable software from production environments.
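
One way to apply the "disable the control" mitigation described above on a Windows host, as an added example that is not part of the original entry or of any vendor tooling: it finds the COM classes served by AidemATL.dll and sets the Internet Explorer kill bit for each. The CLSID is discovered at run time because the entry does not give one, and the registry roots searched are assumptions about where the control is registered.

```powershell
#requires -RunAsAdministrator
# Added example (not from the advisory): set the IE kill bit for every COM
# class whose in-process server is AidemATL.dll.
# Assumption: the control is registered under one of the CLSID roots below.
$dllName = 'AidemATL.dll'
$killBit = 0x400   # "Compatibility Flags" bit that blocks instantiation in IE
$clsidRoots = 'HKLM:\SOFTWARE\Classes\CLSID',
              'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID',
              'HKCU:\SOFTWARE\Classes\CLSID'
$compatRoots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'

function Find-ControlClsid {
    param([string]$Dll)
    foreach ($root in $clsidRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
            $srvKey = "$($_.PSPath)\InprocServer32"
            $server = (Get-ItemProperty -LiteralPath $srvKey -ErrorAction SilentlyContinue).'(default)'
            # Match on the file name only, so any install directory is caught.
            if ($server -and $server.Trim('"') -like "*\$Dll") {
                [pscustomobject]@{ Clsid = $_.PSChildName; Server = $server }
            }
        }
    }
}

function Set-KillBit {
    param([string]$Clsid)
    foreach ($root in $compatRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key | Out-Null }
        # Preserve any flags already present and OR the kill bit in.
        $cur = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'Compatibility Flags'
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -PropertyType DWord `
            -Value (([int]$cur) -bor $killBit) -Force | Out-Null
    }
}

$hits = @(Find-ControlClsid -Dll $dllName | Sort-Object Clsid -Unique)
foreach ($h in $hits) {
    Set-KillBit -Clsid $h.Clsid
    Write-Output "Kill bit set for $($h.Clsid) ($($h.Server))"
}
if (-not $hits) { Write-Output "No COM registration found for $dllName" }
```

The kill bit only stops Internet Explorer-based hosts from instantiating the control; removing the software, as the entry recommends, is still the complete fix.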

Reservation: 11/02/2006

Disclosure: 11/02/2006

Moderation: accepted

Entry: VDB-33076

CPE: ready

Exploit: Download

EPSS: 0.01977

KEV: no

Activities: very low
