検索:
ホーム   »     »   MS06-006 Poc (Windows Media Player Embed Thingie)

MS06-006 Poc (Windows Media Player Embed Thingie)

  • 投稿日:2006年2月21日
  • 脅威カテゴリ:未分類
  • 執筆:ウイルス解析担当者
0

Yesterday, i started playing around with the MS06-006 vulnerability(the one with the BMP thingie). I must have spent around… 3 hours trying to grab EIP. I gave up after a while because I could not find any constant address. And I just found out today that another person who has been playing around with MS06-006 had the same conclusion. The crashes were random, and it’s not that easy to create a reliable exploit for this. Mostly, just a DOS.


So last night, while the girlfriend was watching Brokeback Mountain (i had too much fun creating my own dialogue for the characters, the girlfriend got annoyed since she could not listen to the story, so she kicked me out of the tv area), i decided to do the MS06-005 vulnerability, or the Windows-Media-Player-Embed-Src-vuln-for-other-browsers-except-IE.


Which means, if you’re using firefox, or other browsers (i’m not sure what type of browsers exactly), better patch now if you’re still using firefox. The exploit is fairly easy to create, and allows for automatic code execution. Spyware, anyone?



Update(JJ, 17 February 2006 17:08:02)


FR-Sirt now has a Metasploit plugin for this exploit on their site.


No related posts.



  • 個人のお客さま向けオンラインショップ
  • |
  • 法人のお客さま向け直営ストア
  • |
  • 販売パートナー検索
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • 電子公告
  • ご利用条件
  • プライバシーポリシー
  • Copyright © 2021 Trend Micro Incorporated. All rights reserved.