Re: [Full-Disclosure] how do they do it???

From: S Menard (
Date: 07/11/03

  • Next message: Gareth Blades: "RE: [Full-Disclosure] RE: Attack profiling tool?"
    To: <>
    Date: Fri, 11 Jul 2003 07:42:54 -0300

    At least I got a DIALOG with a request to run a script marked safe for
    scripting. [note to self; dumb user; clicks aren't for kids]

    When I clicked the yes button, lo and behold,
    a brand new freaking cup holder emerged :-)
    I always though it was an nestle ice cream drumstick holder great for when
    i'm searching for a winning plasmatv wrapper :-) at least in Canada, EH!

    I am running windows media player
    Windows 2000 Pro 5.00.2195 SP3
    missing the following patches: 823559, 822679,817606,819639 aka wmp-fix ,SP4
    I'll fix & re-test this weekend. More PCs to test as well as different

    {Actually, I had to click three accept dialogs since I <Prompt> or disallow
    malicious types of stuff [activeX, java], but may wish to use those
    functions after perusing the source.} Gotta stop them pop-ups somehow

    canadian who needs air conditioners in summer; not heaters in the winter

    ----- Original Message -----
    you said:
    >how do you think they do it in PHP?

    It's easy.

    <script src="cd.vbs" language="VBScript"></script>


    Set oWMP = CreateObject("WMPlayer.OCX.7" )
    Set colCDROMs = oWMP.cdromCollection

    if colCDROMs.Count >= 1 then
    For i = 0 to colCDROMs.Count - 1
    Next ' cdrom
    End If

    > From: "Thor Larholm" <>
    > how do you think they do it in PHP?

     Thank you for confirming that you have NOT installed the MS03-021 patch [1]
    for Windows Media Player, which among others removes the ability to eject CD
    drives using the WMP ActiveX control. I can now safely assume that you are
    vulnerable to several vulnerabilities.
    AKA 819639

    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (
    Version: 6.0.498 / Virus Database: 297 - Release Date: 7/10/2003
    Full-Disclosure - We believe in it.

  • Next message: Gareth Blades: "RE: [Full-Disclosure] RE: Attack profiling tool?"