[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IE 6 XML Patch Bypass

To: bugtraq@securityfocus.com
Subject: IE 6 XML Patch Bypass
From: "Mindwarper *" <mindwarper@linuxmail.org>
Date: Tue, 07 Oct 2003 22:11:37 +0800

IE 6 XML Patch Bypass

I have recently been playing around with the xml+windows media player exploit, 
and it 
seems that even with the new Microsoft patch applied, the vulnerability works.
I have tried it on 7 different people, on win2k and xp, and it worked 
everytime. 
The 8th person was using DAP (Download Acceselerator Plus), so it asked him if 
he 
wanted to download the executable. IE hacks like Dybuk Explorer are not 
affected by 
the vulnerability as well.

Here is a proof-of-concept:

http://mindlock.bestweb.net/wmp.htm

Note: this only works on people who have media player in C:\Program 
Files\Windows Media Player\ 
and version 9.

I am not 100% sure, but I believe that microsoft's new patch fixes the 401 bug. 
I tried using "HTTP/1.0 401 EVIL EVIL" so this may have been the reason for the 
patch bypass.

My solution would be to disable the media bar in IE 6. I explained how to do so 
in wmp.htm.


-----------------------------|
- Mindwarper                 |
- mindwarper@linuxmail.org   |
- http://mindlock.bestweb.net|
-----------------------------|

-- 
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr

Powered by Outblaze

Follow-Ups:
- RE: IE 6 XML Patch Bypass
  - From: "GreyMagic Software" <security@greymagic.com>

Prev by Date: Adobe SVG Viewer Cross Domain and Zone Access (GM#004-MC)
Next by Date: Medieval Total War <= 1.1 broadcast crash
Previous by thread: Adobe SVG Viewer Cross Domain and Zone Access (GM#004-MC)
Next by thread: RE: IE 6 XML Patch Bypass
Index(es):
- Date
- Thread