XML Core Services 0-day

Hi folks,

I’m sure by now everyone is aware of the XML Core Services 0-day that ISS alerted us about over the weekend. My initial impression was that it didn’t work, but it seems that if you have MSXML 4.0 installed (duh), it works like a charm. On my test system, it installed both an exe and dll.

Watch out.


  • John

    Could you post a link to your test page? I’ve been looking for a POC to test against for the past few days and come up dry.


  • XML exploit

    … stuff deleted …

    ah … sorry …. too much information…. :-)




  • sunshine

    Well, it was too late deleting it, the exploit is out. I discussed it with str0ke before he posted it.

  • http://not mauricio



    ERROR: “OBJ” NOT IS OBJECT or is nul :(

    HELP My
    pleace …. email:: rmauricior@yahoo.com

  • noroot

    Which IE you are testing it with? which OS are you testing it? it could be you don’t have the activex.

  • http://f0rgM3silly.com f0org3

    Why are people so dumb? and why is that you have to figure things out yourself to become a hacker? well i guess thats the fun part..figuring things out…but after that..if you want to get fame..you release the exploit and then people know your handle and give you props! :) well. Executing a trojan that uses BHO technique to phish for information even SSL connections is simply amazing. Setiri is one of the pioneers of the technique. I admire the work. Please if anyone can give me unpublic sources to get a copy of setiri and/or other variants …anything for further study ..should please send an email to finj3kt0r…at…yahoo.com …thanks for the medium and hope to here from Someone.

    PS why do many people not post back to this? ..dont they know how dangerous this things are?

    Yours Sincerely
    Ins1di0us f0rg3