The current patch fix for the Internet Explorer 6 XML bypass is faulty and still allows a remote web site to maliciously force IE to replace files on the underlying client system.
6d210eb5a6b46fd9b6b6c1f97c07ceb3e3762953328aa745c0211b913e84cf1c
IE 6 XML Patch Bypass
I have recently been playing around with the xml+windows media player exploit, and it
seems that even with the new Microsoft patch applied, the vulnerability works.
I have tried it on 7 different people, on win2k and xp, and it worked everytime.
The 8th person was using DAP (Download Acceselerator Plus), so it asked him if he
wanted to download the executable. IE hacks like Dybuk Explorer are not affected by
the vulnerability as well.
Here is a proof-of-concept:
https://mindlock.bestweb.net/wmp.htm
Note: this only works on people who have media player in C:\Program Files\Windows Media Player\
and version 9.
I am not 100% sure, but I believe that microsoft's new patch fixes the 401 bug.
I tried using "HTTP/1.0 401 EVIL EVIL" so this may have been the reason for the patch bypass.
My solution would be to disable the media bar in IE 6. I explained how to do so in wmp.htm.
-----------------------------|
- Mindwarper |
- mindwarper@linuxmail.org |
- https://mindlock.bestweb.net|
-----------------------------|
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed