Microsoft Outlook Express MHTML Forced File Execution Vulnerability

Liu Die Yu has released a proof of concept exploit designed to exploit the issues described in BID 9105, 9107 and 9109 to execute arbitrary executables. The proof of concept 1stCleanRc-Xp.zip and a document describing the exploit is available at the following location:

http://www.safecenter.net/UMBRELLAWEBV4/1stCleanRc/index.html

The exploit 1stCleanRc-Xp.zip is linked below.

Liu Die Yu has supplied a demonstration that is available in a .zip file below:


 

Privacy Statement
Copyright 2010, SecurityFocus