Microsoft released MS06-044 to address a local zone privilege escalation vulnerability I reported in Internet Explorer 5 on Windows 2000. According to Microsoft, over five million people are still using the Windows Update service with Internet Explorer 5. This vulnerability exploits a XSS flaw in the RT_HTML resource of a DLL included with Windows 2000. The demonstration below will use this XSS flaw to execute calc.exe on vulnerable systems.
Demonstration
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment