Yahoo Messenger WScript.Shell ActiveX control command execution
Added: 07/29/2010Background
Yahoo! Messenger is an instant messaging application. It includes the WScript.Shell ActiveX control.Problem
The Execute method of the WScript.Shell ActiveX control allows command execution when a malicious web page is loaded in Internet Explorer.Resolution
Set the kill bit for Class ID 72C24DD5-D70A-438B-8A42-98424B88AFB8 as described in Microsoft Knowledge Base Article 240797.References
http://www.exploit-db.com/exploits/14473/Limitations
Exploit works on Yahoo Messenger 10.0.0.1270-us and requires a user to open the exploit page in Internet Explorer.The option "Initialize and script ActiveX controls not marked as safe" must be enabled in Internet Explorer.
After launching the exploit, the exploit.exe file must be downloaded and saved onto the specified share.
The specified share must be accessible to the target.
Platforms
WindowsBack to exploit index