VULHUB ™

Georgi Guninski security advisory #31 - There is a security vulnerability in Windows Media Player 7 exploitable thru IE which allows reading local files and executing arbitrary programs. The problem is the WMP ActiveX Control which allows launching javascript URLs in arbitrary already open frames. This allows taking over the frame's DOM. Includes exploit code. Demonstration available here.

Georgi Guninski security advisory #31 - There is a security vulnerability in Windows Media Player 7 exploitable thru IE which allows reading local files and executing arbitrary programs. The problem is the WMP ActiveX Control which allows launching javascript URLs in arbitrary already open frames. This allows taking over the frame's DOM. Includes exploit code. Demonstration available here.