Thread: iLiad Status quo
View Single Post
Old 07-29-2006, 01:39 PM   #5
TadW
Uebermensch
TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.
 
TadW's Avatar
 
Posts: 2,583
Karma: 1094606
Join Date: Jul 2003
Location: Italy
Device: Kindle
Has anyone tried this exploit that worked for Mozilla Firefox until 1.5.0.4? Perhaps it would work for iRex Minimo as well...

Quote:
The following bug (mfsa2006-45) was tested on Firefox 1.5.0.4 running on Windows 2000 SP4, Windows XP SP2, and a recently updated Gentoo Linux system. This bug was reported by TippingPoint and fixed in the latest 1.5.0.5 release of Mozilla Firefox. This is different from the bug I reported (mfsa2006-48) and is trivial to turn into a working exploit. The demonstration link below will attempt to launch "calc.exe" on Windows systems, execute "touch /tmp/METASPLOIT" on Linux systems, and bind a command shell to port 4444 for Mac OS X Intel and PowerPC systems (thanks Todd and nemo!).

window.navigator = (0x01020304 / 2);
java.lang.reflect.Runtime.newInstance( java.lang.Class.forName("java.lang.Runtime"), 0);

Demonstration

This bug has been added to the OSVDB:
Mozilla Multiple Product Window Navigator Object Arbitrary Code Execution
TadW is offline   Reply With Quote