Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| Microsoft Internet Explorer Media Sidebar Flaw Lets Remote Users Execute Arbitrary Code on the System |
|---|
Categorie: Vulnerability
Posted: 2003-09-15 by ReCall
Views: 348
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: A vulnerability was reported in Microsoft Internet Explorer (IE). A remote user can create HTML that, when loaded by the target user, will cause arbitrary code to be executed.
It is reported that a remote user can exploit a flaw in the media sidebar to cause IE to load a resource file in the "My Computer" zone and have it execute arbitrary code. According to the report, errors in loading media via the media sidebar are processed by the following file (in the local system zone):
res://C:WINDOWSSystem32browselc.dll/mb404.htm#path
A remote user can invoke other methods (including a cross-domain scripting flaw discovered by Liu Die Yu) to cause scripting code to be served by this page.
A demonstration exploit is provided at:
http://ip3e83566f.speed.planet.nl/hacked-by-chinese/5.htm
Impact: A remote user can cause arbitrary code to be executed by the target user's browser (with the privileges of the target user).
Solution: No solution was available at the time of this entry.
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=429
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
