| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200309131624.29423.jkuperus@planet.nl> From: jkuperus at planet.nl (jelmer) Subject: Re: Internet explorer 6 on windows XP allows exection of arbitrary code (Demonstration Exploit Warning) on my system mediaplayer is a protected file much like notepad.exe or telnet.exe are, wich means that when you delete or overwrite them they get put back by the system. I am just invoking it really quick. maybe they added this behaviour in wmp9 and on wmp8 the changes are permanent in wich case the changes would be permanent and you'd have a broken mediaplayer. If this is true I apologize anyway i'll put up links to backup copies on my site when I have the time just in case --jelmer On Saturday 13 September 2003 15:22, S G Masood wrote: > Hi, > > Jelmer probably forgot to mention this about the > demonstration exploit[1] in his advisory[2]: Back up > "C:\Program Files\Windows Media Player\wmplayer.exe" > before using the exploit as the exploit replaces the > original wmplayer.exe(main WMP executable) with the > dropped file(also named wmplayer.exe). After > exploitation, the dropped wmplayer.exe can be deleted > and the backed-up, original version replaced. > > If this is not done, the existing installation of > Windows Media Player will be damaged and will have to > be reinstalled. And, ofcourse, since the exploit > depends on replacing the WMP executable, it will not > work if Media Player is running. Test the exploit > while Media Player is not running. > > Tested here successfully with Win2kSP0 IE6 WMP9. > > > [1]Exploit -> > http://ip3e83566f.speed.planet.nl/hacked-by-chinese/5.htm > [2]http://www.securityfocus.com/archive/1/337285 > > > -- > Regards, > S.G.Masood > Hyderabad, > India. > > > > -- > `You don't believe in me,' observed the Ghost.`Why do > you doubt your senses?' > `Because,' said Scrooge, `a little thing affects them. > A slight disorder of the stomach makes them cheats. > You may be an undigested bit of beef, a blot of > mustard, a crumb of cheese, a fragment of an underdone > potato. There's more of gravy than of grave about you, > whatever you are!' > > -Charles Dickens in `A Christmas Carol' > -- > > > > > > __________________________________ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site design software > http://sitebuilder.yahoo.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists