Full Disclosure mailing list archives
Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV
From: "Thor Larholm" <thor () pivx com>
Date: Fri, 2 Jan 2004 19:14:46 -0800
From: "morning_wood" <se_cur_ity () hotmail com> running "malware.html" locally does produce the desired results, but then again...
The exploit is intended and created to be run locally from a local security zone - getting to a local zone in the first place requires other vulnerabilities.
i can get any html to execute locally calling a remote location for the
code, as
long as its run from the local machine.
There are several steps involved in most of all IE command execution exploits, some of these involve downloading and executing a file once you are already in a local security zone. What http-equiv did was to simplify that part of the process by using the Shell.Application object. Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor () pivx com 949-231-8496 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV http-equiv () excite com (Jan 01)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV Erik van Straten (Jan 02)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV morning_wood (Jan 02)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV Jelmer Kuperus (Jan 02)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV Will Image (Jan 02)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV morning_wood (Jan 02)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV Thor Larholm (Jan 02)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV morning_wood (Jan 02)
- RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV Bojan Zdrnja (Jan 02)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV Erik van Straten (Jan 02)
- <Possible follow-ups>
- RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV tlarholm (Jan 02)
- RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV tlarholm (Jan 02)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV http-equiv () excite com (Jan 02)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV JacK (Jan 03)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV John Bisley (Jan 05)
- RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV tlarholm (Jan 05)