Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Windows Media Player 7 and IE java vulnerability - executing arbitrary programs
From: "TAKAGI, Hiromitsu" <takagi () ETL GO JP>
Date: Thu, 18 Jan 2001 22:36:07 +0900

On Mon, 15 Jan 2001 18:10:10 +0200
Georgi Guninski <guninski () GUNINSKI COM> wrote:
There is a security vulnerability in Windows Media Player 7
exploitable thru IE and java which allows reading local files and
browsing directories which in turn allows executing arbitratrary
programs. This may lead to taking full control over user's computer.

<APPLET CODEBASE="file://c:/" ARCHIVE="Program files/Windows Media Player/SKINS/wmp2.wmz"
CODE="gjavacodebase.class" WIDTH=700 HEIGHT=300>

I think it does not allow execution of arbitrary programs.

My understanding is that Java applet launched with file: codebase will
be executed under the sandbox security restrictions.  So this
vulnerability allows only reading of local files but not writing to
files nor executing external programs.

| What is the difference between applets loaded over the net and applets
| loaded via the file system?
|   :
| Java-enabled browsers use the applet class loader to load applets
| specified with file: URLs. So, the restrictions and protections that
| accrue from the class loader and its associated security manager are
| now in effect for applets loaded via file: URLs.

Hiromitsu Takagi
Electrotechnical Laboratory

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]