Sogou input method 0DAY-vulnerability warning-the black bar safety net

ID MYHACK58:62201028532
Type myhack58
Reporter 佚名
Modified 2010-12-10T00:00:00


Vulnerability process description: When windows is loaded sogou input method later, log in to the system, lock the computer(cltr+alt+del) it. Switch to sogou input method, input the phonetic alphabet appears sogou input method toolbar, click on search, it will call iexplorer.exe the. Next you can be directly in the IE address bar to call the system32 directory and run the cmd, if the login account for the administrators group. The direct access to the native system permissions. Test environment: OS: windows xp sp3 Sogou input method 4.3 official version