User Since: 26th Feb 2010
System Score: N/A
Last edited on 31st Mar, 2010 15:07
|I attempted to run the exploit sample for #2:
var obj = document.createElement("object");
obj.data = "file://127.0.0.1/C$/.../index.dat";
obj.type = "text/html";
obj.id = "obj_results";
obj.width = "500px";
obj.height = "300px";
In the latest IE8 post recent patches. The first thing I noticed is that I receive this message preventing the script:
"To help protect your security, Internet Explorer has restricted this webpage from running scripts or ActiveX controls that could access your computer. Click here for options..."
The second thing that I noticed is then when I allowed the script to run, it did not display any data as it was suggested it would. Secunia might need to re-test this vulnerability in their labs and see if it is still relevant or not.
I was unable to exploit myself using this vulnerability.
When I ran the vuln in #1, with the code:
<object data="index.dat" type="text/html" width="100%" height="50"></object>
And, again it blocked it, I accepted, and then I received this warning:
Cannot find 'file:///C:/Documents%20and%20Settings/nrush/Deskt op/index.dat'. Make sure the path or Internet address is correct.
So, I created a index.dat on my desktop and typed it worked inside, reloaded, and it worked.
I'm not sure if I just didn't do the #2 vuln correctly and that's why it didn't work, or not. However, vuln #1 is definitely still exploitable.