Bugtraq mailing list archives
Re: Windows Media Player 7 and IE java vulnerability - executing arbitrary programs
From: "TAKAGI, Hiromitsu" <takagi () ETL GO JP>
Date: Thu, 18 Jan 2001 22:36:07 +0900
On Mon, 15 Jan 2001 18:10:10 +0200 Georgi Guninski <guninski () GUNINSKI COM> wrote:
There is a security vulnerability in Windows Media Player 7 exploitable thru IE and java which allows reading local files and browsing directories which in turn allows executing arbitratrary programs. This may lead to taking full control over user's computer.
<APPLET CODEBASE="file://c:/" ARCHIVE="Program files/Windows Media Player/SKINS/wmp2.wmz" CODE="gjavacodebase.class" WIDTH=700 HEIGHT=300>
I think it does not allow execution of arbitrary programs. My understanding is that Java applet launched with file: codebase will be executed under the sandbox security restrictions. So this vulnerability allows only reading of local files but not writing to files nor executing external programs. http://java.sun.com/sfaq/#diff | What is the difference between applets loaded over the net and applets | loaded via the file system? | : | Java-enabled browsers use the applet class loader to load applets | specified with file: URLs. So, the restrictions and protections that | accrue from the class loader and its associated security manager are | now in effect for applets loaded via file: URLs. -- Hiromitsu Takagi Electrotechnical Laboratory http://www.etl.go.jp/~takagi/
Current thread:
- Windows Media Player 7 and IE java vulnerability - executing arbitrary programs Georgi Guninski (Jan 15)
- Re: Windows Media Player 7 and IE java vulnerability - executing arbitrary programs TAKAGI, Hiromitsu (Jan 18)