当前位置:
首页 > 其他 > Media Player: Local File Detection Vulnerability

Media Player: Local File Detection Vulnerability

测试方法:
[www.sebug.net]
本站提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
*** Windows Media Player Plugin: Local File Detection Vulnerability ***

A design flaw in Windows Media Player 11 allows a remote attacker to determine the \
presence of local files (programs, documents, etc.). I sent an e-mail to Microsoft \
(nearly a year ago) but they never responded…

Windows Media Player permits to open locally stored media-files. Opening \
non-supported files usually provokes an error message. By a simple HTTP-redirect, the \
error message can be circumvented. Local files can be opened. The \
file-opening-procedure can be controlled with the “Player.OpenStateChange Event”. If \
a file exists, event 8 (”MediaChanging”) is fired. This way, via JavaScript, a \
malicious web site could determine the presence of local (and remote) files.

Additional infos (in German): www.lrv.ch.vu

I’ve also set up a demo page at: http://lrv.bplaced.net/wmp/wmp.php
// sebug.net [2009-10-31]

网友评论3

  1. 0楼
    dxexpert:

    您好,做个友情链接,贵站的已经做好
    名称:短线是银
    网址:www.dxexpert.cn

    --------------------------------------------------------------
    已通过
    By:英雄

    2009-11-02 22:53 [回复]
  2. 0楼
    CK:

    你好 申请友情连接 ,贵站连接已做好 ,请审核

    ------------------------------------------------------------------
    已通过
    By:英雄

    2009-11-06 10:16 [回复]
  3. 0楼
    小伍:

    你好 我想请问一下贵站首页的背景音乐是在哪里下载的 可否提供一个下载地址给我
    我邮箱[email protected]
    我QQ703764197
    -------------------------------------------------------------------------------------------
    http://www.att4ck.com/images/tenyears.mid即可下载
    By:英雄

    2009-11-12 01:57 [回复]

发表评论

表情
还能输入210个字