- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
IE ADDDESKTOPCOMPONENT() CROSS ZONE SCRIPTING Vulnerability
Microsoft Internet Explorer 6 "external.AddDesktopComponent()" function contains a cross site scripting vulnerability that allows attackers to execute arbitrary code in the context of the Internet Explorer´s local machine zone because it does not correctly validate characters passed to the function. Script code is written and executed in "Desktop.htt" local file that belongs to the local machine zone and thus allows arbitrary code to be executed. The user interaction required is either a single click inside a webpage, double click or key pressing, usually used in captchas. The demonstration calls "Help and Support Center" and executes Windows calculator.
Important: This bypasses the pop-up blocker and the local machine zone lockdown features.
link to full article and P.O.C:
http://secumania.info/joomla/index.php/component/k2/item/13-microsoft-internet-explorer-6-adddesktopcomponent-cross-zone-scripting-vulnerability
Author: Eduardo Prado (me).
Видео IE ADDDESKTOPCOMPONENT() CROSS ZONE SCRIPTING Vulnerability канала Edu Braun
Important: This bypasses the pop-up blocker and the local machine zone lockdown features.
link to full article and P.O.C:
http://secumania.info/joomla/index.php/component/k2/item/13-microsoft-internet-explorer-6-adddesktopcomponent-cross-zone-scripting-vulnerability
Author: Eduardo Prado (me).
Видео IE ADDDESKTOPCOMPONENT() CROSS ZONE SCRIPTING Vulnerability канала Edu Braun
Комментарии отсутствуют
Информация о видео
5 февраля 2014 г. 18:49:33
00:00:14
Другие видео канала
Windows Explorer Preview Pane HTML File Link Spoofing
Real Player 'DCP://' URI Remote Arbitrary Code Execution Vulnerability
Microsoft Windows Media Center Vulnerability (wmv script) Demonstration (2)
7-ZIP CVE-2022-29072 Most Suitable Workaround (Fix) - Reversable!
MS Windows 'Contact' file parsing Hyperlink Manipulation Arbitrary Code Exec (Improved Quality)
Microsoft Windows Environment Variable Expansion Issue Leads To Remote DLL (Library) Load Hijacking
Real Player v.20.0.8.310 G2 Control 'DoGoToURL()' Remote Code Execution Vulnerability
ie6 file download ext spoof
First Remote Code Execution Vuln affecting Microsoft Notepad (Video demonstration)
Real Player 'external::Import()' Vulnerabilities leads to Remote Code Execution
Multiple Microsoft Programs HTML Help (CHM) File Load Hijacking and Stack Overflow Vulnerabilities
MS Windows (CVE-2019-0541) MSHTML Engine "Edit" Remote Code Execution Vulnerability
MS Windows CVE-2021-40444 - CABless version
Windows Media Player 12 WMDRM 'RES://' URI Vulnerability RCE
Windows Media Player 12 WMDRM 'HTMLView' Window 'RES://' URI Parsing RCE (Patched!)
MS HLP FILE LOAD HIJACKING
notepad this app can break bug
MS Windows Help and Support Center Multiple Vulnerabilities
Windows Explorer Preview Pane WMV/WMA media Automatic URI Opening Vulnerability
Nasty thing you can do with the famous 'Mark-Of-The-Web' on Windows:
