Microsoft Windows Script Host GetObject() File Disclosure Vulnerability
BID:1718
Info
Microsoft Windows Script Host GetObject() File Disclosure Vulnerability
| Bugtraq ID: | 1718 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Sep 26 2000 12:00AM |
| Updated: | Sep 26 2000 12:00AM |
| Credit: | Posted to Bugtraq on September 26, 2000 by Georgi Guninski <[email protected]>. |
| Vulnerable: |
Microsoft Windows Scripting Host 5.5 Microsoft Windows Scripting Host 5.1 |
| Not Vulnerable: | |
Discussion
Exploit / POC
Microsoft Windows Script Host GetObject() File Disclosure Vulnerability
Georgi Guninski <[email protected]> has created a demonstration page located at the following site:
http://www.guninski.com/getobject1.html
Markus Kern <[email protected]> has supplied htmlfile_FWE-exploit.htm proof of concept, which affects systems that are patched for this issue:
Georgi Guninski <[email protected]> has created a demonstration page located at the following site:
http://www.guninski.com/getobject1.html
Markus Kern <[email protected]> has supplied htmlfile_FWE-exploit.htm proof of concept, which affects systems that are patched for this issue: