Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:7836
HistoryFeb 16, 2005 - 12:00 a.m.

[Full Disclosure] Using DHTML XSS to launch HHCTRL exploit

2005-02-1600:00:00
vulners.com
29
JSON

[Full Disclosure] Using DHTML XSS to launch HHCTRL exploit

GeCAD NET Security Advisory 2005.02.16
Original notice (requires authentication):
http://www.gecadnet.ro/windows/?AID=1414
February 16th 2005

  1. Past Events

On January 20th 2005, GeCAD NET released a security advisory warning
that the exploit for the HHCTRL vulnerability can still be used on an
attack by using another known (and at that time unpatched) vulnerability
in Microsoft Internet Explorer. Patched up-to-date Windows XP SP1 and
Windows 2000 SP4 systems were confirmed as vulnerable.

On February 8th 2005 Microsoft released a set of security patches. One
of them, MS05-013, fixes the DHTML Editing Component ActiveX Control
Cross-Site Scripting vulnerability, which was the one GeCAD NET used in
order to launch the HHCTRL exploit.

  1. Description

The alert mentioned in the header contains a Full Disclosure of this
issue. Proof-of-Concept code is also provided.

  1. Conclusion

If the target system is not patched with MS05-013, a remote attacker
might prepare a specially crafted webpage that when loaded in Internet
Explorer, it will allow execution of attacker controller code on the
target system, thus leading to system security compromise.

  1. Tests conducted and results

GeCAD NET confirms that this attack vector is blocked on the systems
patched with MS05-013.

Windows XP Service Pack 2 seems not to be vulnerable to this attack
method. However, it is strongly advised users apply the patch in order
to fix the XSS vulnerability.

  1. Events

01/18/2005 Exploit created and tested
01/19/2005 Vendor notified
01/20/2005 Vendor response
01/20/2005 Public warning
02/08/2005 Patch released
02/16/2005 Full Disclosure

  1. Legal Notices

Copyright (c) 2005 GeCAD NET (member of GeCAD Group)

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without written consent
of GeCAD NET. If you wish to reprint the whole or any part of this alert
in any other medium other than electronically, please email
[email protected] for permission.

Disclaimer:
The content of this alert is believed to be accurate at the time of
publishing based on currently available information. Neither the author
nor the publisher accepts any liability for any direct, indirect, or
consequential loss or damage arising from use of, or reliance on, this
information.

JSON