Media Player IE Zone Bypass exploit v1.19 Vulnerability exploited: NOCVE-2003-6625 - BID-8263 Category: Exploits/Client Side This module will listen HTTP requests from vulnerable clients and install a Level0 agent on them. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install a Level0 agent by sending a specially crafted HTML page which exploits the Windows Media Player IE Zone Access Control Bypass Vulnerability.You can force vulnerable clients to connect to the web server automatically by using this module to send them an specially designed e-mail to exploit this vulnerability if the client uses Outlook Express in the Internet Zone to read their mails.This exploit relies on a flaw in Windows Media Player that allows for untrusted content to access the Local Zone. Supported Systems: Windows 2000 Professional - sp3 (i386) Windows 2000 Professional - sp4 (i386) Windows 2000 Server - sp3 (i386) Windows 2000 Server - sp4 (i386) Windows 2000 Advanced Server - sp0 (i386) Windows 2000 Advanced Server - sp3 (i386) Windows 2000 Advanced Server - sp4 (i386) Windows XP Professional - sp1 (i386) Windows XP Home Edition - sp1 (i386) Windows 2000 Professional - sp3 (i386) Internet Explorer 6 Windows 2000 Professional - sp4 (i386) Internet Explorer 6 Windows 2000 Server - sp3 (i386) Internet Explorer 6 Windows 2000 Server - sp4 (i386) Internet Explorer 6 Windows 2000 Advanced Server - sp0 (i386) Internet Explorer 6 Windows 2000 Advanced Server - sp3 (i386) Internet Explorer 6 Windows 2000 Advanced Server - sp4 (i386) Internet Explorer 6 Windows XP Professional - sp1 (i386) Internet Explorer 6 This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks. Click here to learn more about the product.