**UPDATE** The links to the video are allllllll dead. Sorry bout that. I will see if I can get everything back up again, howver its not my video so this could be it.
Watch: (FINALLY got the vid up on google, but the quality is total crap, have a look anyways
then follow the link.)
In ZoNe’s own words-
Just a simple video I threw together demonstrating vulnerabilities in Myspace.com/Windows Operating systems. Microsoft may have patched the WMF 0-Day several months ago but it is still out there, it still pwns, and it is still evil as fuck.
The method works on pretty well any website that allows HTML, or has any kind of XSS vulnerability.
Of course, the WMF exploit doesnt work in <img>, you have to actually have to view it at its location. Howeverm you can save the WMF exploit as a .jpg or .gif and it will still have perfect effect.
When I actually made the video it took about 15 minutes before I got a connection, obviously, I cut this long scene out.
I would say out of 100 boxes 20 are vulnerable and would be instantly effected upon viewing an infected Myspace. The reason is because: FireFox considers SWF redirects as pop-ups, and any decent anti-virus can detect the WMF exploit right away.
This is devesatating via AIM. All you need to do is put the image in the “pictures” section and it will go to their temp folder.
So, ya, anywhere that gets a lot of hits (Myspace is the best place for this) you are going to get a lot of boxes.
Any questions? Don’t ask me cause this is some 1337 ass shit for me to explain in an email.
Here’s what I reccomend. Go to the milw0rm forum, register and start learning.