11-01-2005, 03:27 PM
Internet Explorer Command Execution Vulnerability Test
Introduction
Some vulnerabilities have been discovered in Internet Explorer, which allows a malicious web site to execute arbitrary commands or install code on your computer without any user interaction.
A demonstration of the vulnerability is available for users running Internet Explorer 6 with Windows XP SP2 installed.
Test Case / Demonstration
Click the link below in order to test whether or not your system is vulnerable. This test is designed to work on Internet Explorer 6 with Windows XP SP2 installed.
Test Your System
Test Now - Left Click On This Link
Please note: If you wish to run the test multiple times, then please refresh this page before each test. The test requires that you have Windows installed in "c:/windows/".
What Happens When You Run The Test
When clicking the link above the exploit will be invoked. The exploit will launch "cmd.exe" (Command Prompt), which then will open a Secunia web page using "iexplore.exe" (Internet Explorer).
This test asks you to click a link before the exploit will run, this however, is not required for the vulnerability to work. The vulnerability can be exploited completely automatically by simply visiting a web site.
Result
You are vulnerable if a new Internet Explorer window opens, displaying a new Secunia web page.
Credits
The test is based on PoC by ShredderSub7.
PoC and test based on research by:
* ShredderSub7
* Paul, Greyhats Security
* Michael Evanchik
* Roozbeh Afrasiabi
* http-equiv
###############
To see this article and to do the tests go to
http://secunia.com/internet_explorer_com...lity_test/
Introduction
Some vulnerabilities have been discovered in Internet Explorer, which allows a malicious web site to execute arbitrary commands or install code on your computer without any user interaction.
A demonstration of the vulnerability is available for users running Internet Explorer 6 with Windows XP SP2 installed.
Test Case / Demonstration
Click the link below in order to test whether or not your system is vulnerable. This test is designed to work on Internet Explorer 6 with Windows XP SP2 installed.
Test Your System
Test Now - Left Click On This Link
Please note: If you wish to run the test multiple times, then please refresh this page before each test. The test requires that you have Windows installed in "c:/windows/".
What Happens When You Run The Test
When clicking the link above the exploit will be invoked. The exploit will launch "cmd.exe" (Command Prompt), which then will open a Secunia web page using "iexplore.exe" (Internet Explorer).
This test asks you to click a link before the exploit will run, this however, is not required for the vulnerability to work. The vulnerability can be exploited completely automatically by simply visiting a web site.
Result
You are vulnerable if a new Internet Explorer window opens, displaying a new Secunia web page.
Credits
The test is based on PoC by ShredderSub7.
PoC and test based on research by:
* ShredderSub7
* Paul, Greyhats Security
* Michael Evanchik
* Roozbeh Afrasiabi
* http-equiv
###############
To see this article and to do the tests go to
http://secunia.com/internet_explorer_com...lity_test/