Bugtraq mailing list archives
RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
From: "Drew Copley" <dcopley () eEye com>
Date: Wed, 14 Jul 2004 12:30:55 -0700
-----Original Message-----
From: Ferruh Mavituna [mailto:ferruh () mavituna com]
Sent: Wednesday, July 14, 2004 7:52 AM
To: 'L33tPrincess'; bugtraq () securityfocus com; full-disclosure () lists netsys com
Subject: RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC

Is the vulnerability mitigated by today's Microsoft patch?

Both of POCs are working well (at least in my system -W2K3 all patches-) after recent MS patches. Can anyone confirm this?

I can not. Wscript was deactivated with Guninski's WSH bug a long time ago. I just tested running wscript in the My Computer zone. It prompts as an unsafe ActiveX. However, Microsoft needs to get on the ball here and secure that zone or make it trivial for their customers to do so. (Kudos for their link on their security page, but that kind of thing is targeted to IT professionals -- not to the masses... and they can figure that out by themselves already.) I also noticed the shell: path URL does work as a source in an iframe.

Ferruh.Mavituna
http://ferruh.mavituna.com
PGPKey : http://ferruh.mavituna.com/PGPKey.asc

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of L33tPrincess
Sent: Wednesday, July 14, 2004 5:34 AM
To: bugtraq () securityfocus com; full-disclosure () lists netsys com
Subject: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC

Ferruh, Is this a new variant (wscript.shell)? Is the vulnerability mitigated by today's Microsoft patch?

Hello; Code is based on http://www.securityfocus.com/archive/1/367878 (POC by Jelmer) message. I just added a new feature "download" and then execute application. Also I use Wscript.Shell in Javascript instead of Shell.Application.