aka... "Attacking Intranets from outside using Windows Media Player"
Almost two years after the homonymous PDP post, Windows Media Player bugs have awakened. And this time they are crawling into intranets and among your local media files.
Since the attached whitepaper is self-explanatory, in this post I'm just going to point out some of the major issues found:
- Hijacking iframes in webpages where a WMP object is embedded PoC
- Local media file enumeration: this can be (ab)used by an attacker to learn whether some copyrighted media files (e.g. mp3) are on the victim's PC PoC
- Intranet scanning: while the victim watches his favourite clip-of-the-day, Windows Media Player stealthily performs IP scanning of the victim's intranet network and sends the collected information to the attacker PoC
- Retrieving detailed information about the victim's operating system version, language and CPU type
- Triggering stealth FTP connections to an arbitrary site
Enjoy your reading!
June 12th, 2009