Internet Explorer Command Execution Vulnerability Test
Introduction
Some vulnerabilities have been discovered in Internet Explorer, which allows a malicious web site to execute arbitrary commands or install code on your computer without any user interaction.
A demonstration of the vulnerability is available for users running Internet Explorer 6 with Windows XP SP2 installed.
Test Case / Demonstration
Click the link below in order to test whether or not your system is vulnerable. This test is designed to work on Internet Explorer 6 with Windows XP SP2 installed.
Please note: If you wish to run the test multiple times, then please refresh this page before each test. The test requires that you have Windows installed in "c:/windows/".
What Happens When You Run The Test
When clicking the link above the exploit will be invoked. The exploit will launch "cmd.exe" (Command Prompt), which then will open a Secunia web page using "iexplore.exe" (Internet Explorer).
This test asks you to click a link before the exploit will run, this however, is not required for the vulnerability to work. The vulnerability can be exploited completely automatically by simply visiting a web site.
Result
You are vulnerable if a new Internet Explorer window opens, displaying a new Secunia web page.
Credits
The test is based on PoC by ShredderSub7.
PoC and test based on research by:
* ShredderSub7
* Paul, Greyhats Security
* Michael Evanchik
* Roozbeh Afrasiabi
* http-equiv
What should you do?
Please view the appropriate Secunia advisory for information about how you can fix or mitigate the impact of this vulnerability. The Secunia advisory will be updated when the vendor issue patches.
