| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 11 Jul 2004 15:55:00 -0000 From: Paul <paul@...yhats.cjb.net> To: bugtraq@...urityfocus.com Subject: Media Preview Script Execution Vulnerability Note: This vulnerability as well as several more can be found at http://www.geryhats.cjb.net Media Preview Script Execution Vulnerability [Tested] MSDXM.DLL file version 6.4.09.1128 Microsoft Windows 2000 [Discussion] By using the windows media player control, media can be played in a browser, including asx files, which is just a playlist of media. If one of these files on the list is a weird protocol like javascript:, it will be executed in the zone of the page that called it. At first, this seems to be a small problem. However, on windows 2000, media can be previewed on a panel to the left if the media file is in a local directory and the user clicks on it. The panel uses the windows media player control to preview the media. If a user clicks on a specially-crafted asx file, javascript will be executed in the local zone. The example is a vulnerable asx file which, when clicked in explorer, will display a messagebox wiith the location of the directory. Note: The asx file must be opened in the media player control. It will not work if opened in windows media player itself. [Example] http://freehost07.websamba.com/greyhats/asxvuln.htm
Powered by blists - more mailing lists