Tuesday, August 08, 2006

MS06-044 - Internet Explorer 5.x

Microsoft released MS06-044 to address a local zone privilege escalation vulnerability I reported in Internet Explorer 5 on Windows 2000. According to Microsoft, over five million people are still using the Windows Update service with Internet Explorer 5. This vulnerability exploits an XSS flaw in the RT_HTML resource of a DLL included with Windows 2000. The demonstration below uses this XSS flaw to execute calc.exe on vulnerable systems.

Demonstration

2 Comments:

At 6:11 PM, Anonymous said...

HDM,

I am trying to demonstrate a few of these bugs in an attempt to convince my boss to switch our "corporate standard browser" from BrandX to a certain open source one. However, he argues that by the time public exploits are written, BrandX has released a patch. I would like to demonstrate to him otherwise, but I am having trouble cross-referencing the bugs here in your blog with those in the Metasploit Framework. Any hints?

Thank you

 
At 8:04 PM, Anonymous said...

Seems there are some problems with this exploit?

I have tried but failed on Win2k SP3, which is IE 5; it failed with several script errors.

 
