A flaw exists in Windows Media Player that allows a malicious asx file to be executed running javascript in a local zone. Tested against MSDXM.DLL file version 6.4.09.1128 on Microsoft Windows 2000.
4f558821d20390a8682b804e4d30cbba5b5a8295e1f45ed01601ec06dbd27d24
Note: This vulnerability as well as several more can be found at http://www.geryhats.cjb.net
Media Preview Script Execution Vulnerability
[Tested]
MSDXM.DLL file version 6.4.09.1128
Microsoft Windows 2000
[Discussion]
By using the windows media player control, media can be played in a browser, including asx files, which is just a playlist of media. If one of these files on the list is a weird protocol like javascript:, it will be executed in the zone of the page that called it. At first, this seems to be a small problem. However, on windows 2000, media can be previewed on a panel to the left if the media file is in a local directory and the user clicks on it. The panel uses the windows media player control to preview the media. If a user clicks on a specially-crafted asx file, javascript will be executed in the local zone.
The example is a vulnerable asx file which, when clicked in explorer, will display a messagebox wiith the location of the directory.
Note: The asx file must be opened in the media player control. It will not work if opened in windows media player itself.
[Example]
http://freehost07.websamba.com/greyhats/asxvuln.htm
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed