Date: Wed, 08 Oct 2003 09:39:31 +0200
From: Philip Wagenaar <p.wagenaar@accon.nl>
To: bugtraq@securityfocus.com
Subject: Betr.: IE 6 XML Patch Bypass
I tried tried the proof of concept and indeed it looks like your 'hack' w=
as succesful. I have WinXP with all patches from WindowsUpdate and run So=
phos AV.
However, you might want to put up a warning that running the proof of con=
cept will change a on your harddisk.
Met vriendelijke groet,
Philip Wagenaar
AccoN Accountants & Adviseurs
ICT Project Bureau
Postbus 5090
6802 EB Arnhem
The Netherlands
tel. +31 (0)26-3842384
fax. +31 (0)26-3630222
mobile: +31 (0)6-25388935
MSN/E-mail: p.wagenaar@accon.nl
http://www.accon.nl
>>> "Mindwarper *" <mindwarper@linuxmail.org> 07-10-03 16:11 >>>
IE 6 XML Patch Bypass
I have recently been playing around with the xml+windows media player exp=
loit, and it=20
seems that even with the new Microsoft patch applied, the vulnerability w=
orks.
I have tried it on 7 different people, on win2k and xp, and it worked eve=
rytime.=20
The 8th person was using DAP (Download Acceselerator Plus), so it asked h=
im if he=20
wanted to download the executable. IE hacks like Dybuk Explorer are not a=
ffected by=20
the vulnerability as well.
Here is a proof-of-concept:
http://mindlock.bestweb.net/wmp.htm=20
Note: this only works on people who have media player in C:\Program Files=
\Windows Media Player\=20
and version 9.
I am not 100% sure, but I believe that microsoft's new patch fixes the 40=
1 bug.=20
I tried using "HTTP/1.0 401 EVIL EVIL" so this may have been the reason f=
or the patch bypass.
My solution would be to disable the media bar in IE 6. I explained how to=
=20do so in wmp.htm.
-----------------------------|
- Mindwarper |
- mindwarper@linuxmail.org |
- http://mindlock.bestweb.net|=20
-----------------------------|
--=20
______________________________________________
http://www.linuxmail.org/=20
Now with e-mail forwarding for only US$5.95/yr
Powered by Outblaze
##################################################################
Dit e-mailbericht is uitsluitend bestemd voor de geadresseerde.
De informatie hierin is vertrouwelijk, zodat het derden niet is
toegestaan om daarvan kennis te nemen of dit te verstrekken aan
andere derden. Indien u dit e-mail bericht ontvangt terwijl het
niet voor u bestemd is, verzoeken wij u contact op te nemen met
de afzender en de informatie te verwijderen van iedere computer.
Bij voorbaat dank.=20
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
The information transmitted in this e-mail is intended only for
the person or entity to which it is addressed and contains
confidential information. Any review, retransmission or other
use by persons or entities other than the intended recipient is
prohibited. If you received this in error, please contact the
sender and delete the material from any computer. Thank you.=20
##################################################################
#########################################################################=
############
This e-mail message has been scanned for Viruses and Content and cleared =
by MailMarshal
#########################################################################=
############
