RE: IE execution of arbitrary commands without Active Scripting

[Nick FitzGerald <nick () virus-l demon co uk>]

Thomas Thornbury <thornt () optonline net> wrote:

> This has got to be one of the scarier exploits in recent memory.

Nah -- _far_ from it.

Several people with a good record of finding truly bad holes in IE
and related s/w have been banging away at this for some time now. 
First, to date no-one has found a way to use it for executing
arbitrary code and there have been several other holes recently that
do allow arbitrary code execution.  Second, no-one has even found a
way to poke parameters to the programs that can be launched this
way, which have to have a fully specified, local to the target
program filename or pre-existing CLSID definition in the target
machine's registry:

   http://home.austin.rr.com/wiredgoddess/thepull/funRun.html

I'd rate it "mildly interesting"...

This does not mean MS should delay fixing it until some clever soul 
does work out how to achieve either or both the above, but it 
certainly makes it orders of magnitude less interesting and less 
worrying than some of the recent "auto-detach and run" Email 
attachments or MIME "inclusions" in web pages bugs.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854