exploit the possibilities

Register | Login

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 1 of 1

Files

Microsoft Help Center XSS and Command Execution: Posted Jun 15, 2010; Authored by Tavis Ormandy | Site metasploit.com; Help and Support Center is the default application provided to access online documentation for Microsoft Windows. Microsoft supports accessing help documents directly via URLs by installing a protocol handler for the scheme "hcp". Due to an error in validation of input to hcp:// combined with a local cross site scripting vulnerability and a specialized mechanism to launch the XSS trigger, arbitrary command execution can be achieved. On IE7 on XP SP2 or SP3, code execution is automatic. If WMP9 is installed, it can be used to launch the exploit automatically. If IE8 and WMP11, either can be used to launch the attack, but both pop dialog boxes asking the user if execution should continue. This exploit detects if non-intrusive mechanisms are available and will use one if possible. In the case of both IE8 and WMP11, the exploit defaults to using an iframe on IE8, but is configurable by setting the DIALOGMECH option to "none" or "player".; tags | exploit, arbitrary, local, code execution, protocol, xss; systems | windows; advisories | CVE-2010-1885; SHA-256 | fae0587a07ffa8b213cee7c812361f42cf16fd43add9fe1b6eececa4f549a507; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

Recent News

Google Patches Critical Chrome Vulnerability: Posted Apr 24, 2024; tags | headline, flaw, google, patch, chrome; Favorite | View

Hackers Are Using Developing Countries For Ransomware Practice: Posted Apr 24, 2024; tags | headline, hacker, malware, cybercrime, fraud, cryptography; Favorite | View

Authorities Investigate LabHost Users After Phishing Service Shutdown: Posted Apr 23, 2024; tags | headline, cybercrime, fraud, phish; Favorite | View

Windows Vulnerability Reported By The NSA Exploited To Install Russian Malware: Posted Apr 23, 2024; tags | headline, government, microsoft, usa, russia, flaw, cyberwar, spyware, nsa; Favorite | View

UnitedHealth Admits Breach Could Cover Substantial Proportion Of People In America: Posted Apr 23, 2024; tags | headline, hacker, privacy, data loss; Favorite | View

Microsoft DRM Hack Could Allow Movie Downloads From Streaming: Posted Apr 23, 2024; tags | headline, microsoft, flaw, pirate; Favorite | View

Over A Million Neighbourhood Watch Members Exposed: Posted Apr 23, 2024; tags | headline, privacy, britain, data loss; Favorite | View

MITRE Hacked By State Sponsored Group Via Ivanti Zero Days: Posted Apr 23, 2024; tags | headline, hacker, government; Favorite | View

Russia's Sandworm APT Linked To Attack On Texas Water Plant: Posted Apr 18, 2024; tags | headline, malware, usa, russia, cyberwar, scada; Favorite | View

EU Tells Meta It Can't Paywall Privacy: Posted Apr 18, 2024; tags | headline, government, privacy, facebook, social; Favorite | View

View More News →

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links: News by Month; News Tags; Files by Month; File Tags; File Directory

About Us: History & Purpose; Contact Information; Terms of Service; Privacy Statement; Copyright Information

Services: Security Services
Hosting By: Rokasec