Vulnerability Development mailing list archives
Re: local security workaround through IE
From: iwertheimer () KPMG COM (Wertheimer, Ishai)
Date: Thu, 6 Apr 2000 06:00:20 -0400
I'd like to add that I saw more than one case when you could run any app you want through Winzip. They wanted to enable the opportunity to zip files, but when any file is accessed through Winzip you can 'open' it and exploit the whole system (especially when they've left the Poledit in the public NetWare folder...)

Cheers,
Ishai Wertheimer

-----Original Message-----
From: Javor Ninov [SMTP:javor () multigroup-bg com]
Sent: ? 05 ????? 2000 14:09
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: local security workaround through IE

Another way to get a DOS prompt is via OLE objects :-))
Example: Start WordPad, go to menu INSERT, OBJECT, CREATE FROM FILE and type location of program you wish to start ( c:\command.com )

----- Original Message -----
From: "Blue Boar" <BlueBoar () THIEVCO COM>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Saturday, March 25, 2000 10:02 AM
Subject: Re: local security workaround through IE

> Knud Erik Højgaard wrote:
> >
> > On many 'crippled' public computers (at libraries etc.) running some sort
> > of restriction software, it's possible to use file/open/browse in IE, type
> > for instance c:\ as filename, and get a directory overview. Nice for
> > determining what kind of security software is running, (by looking in
> > 'program files' *doh daft admins*) deleting files etc. This is not a bug
> > in IE, just bad programming from the software dudes... I guess?
> > Right click the file you want to run, and instead of choosing the top
> > option called 'select', use #2 called 'open' ... sometimes access is
> > disallowed to certain files, i.e. command.com etc., but simply downloading
> > the file from somewhere else or copying it to another location usually lets
> > you run pretty much whatever you want.
>
> I've managed to get my prompt back on an NT box I was configuring to be
> a kiosk via Netscape.. I secured it a bit too much during one round. :)
> You can reconfigure just about any mime type to execute an external
> program, say explorer.exe.
>
> I had Netscape set to be the shell. It's easy to forget that changing
> everyone to no access overrides admin having any access, since
> everyone includes admin, and no access overrides any other ACLs. Whoops.
>
> > I've had loads of fun mass OOB'ing
> > libraries from one of their own machines.. yes I know it's lame, but I kind
> > of like looking at 40 screens turning blue one after another..
> >
> > comments anyone ?
> >
>
> Yes, winnuking is lame. :)
>
> That was patched a long time ago... they're still vulnerable?
>
> BB
>

*****************************************************************************
The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter.
*****************************************************************************
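Added example, not part of the original thread: a simplified model of the ordered DACL walk behind the kiosk lockout described in the quoted message, where a "No Access" entry for Everyone also locks out the administrator. The trustee names, access bits and sample ACLs are constructed for illustration, and ownership rights and NULL DACLs are not modelled.

```python
# Simplified model of the Windows NT DACL access check (added example).
# Trustee names, access bits and the sample DACLs are constructed.
from dataclasses import dataclass

READ, WRITE, EXECUTE = 0x1, 0x2, 0x4
FULL = READ | WRITE | EXECUTE

@dataclass(frozen=True)
class Ace:
    kind: str      # "deny" or "allow"
    trustee: str   # user or group the entry applies to
    mask: int      # access bits covered by the entry

def canonical(dacl):
    """Canonical ordering: deny entries are stored before allow entries."""
    return sorted(dacl, key=lambda ace: ace.kind != "deny")

def access_check(token_groups, dacl, desired):
    """Walk the DACL in order; True only if every desired bit gets granted."""
    remaining = desired
    for ace in dacl:
        if ace.trustee not in token_groups:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False             # a matching deny ends the check at once
        if ace.kind == "allow":
            remaining &= ~ace.mask   # these bits are now granted
        if remaining == 0:
            return True
    return False                     # ungranted bits left: implicit deny

def locked_out(dacl, token_groups, desired=FULL):
    """Audit helper: trustees in the token that match a deny entry."""
    return [a.trustee for a in dacl
            if a.kind == "deny" and a.trustee in token_groups and a.mask & desired]

# Every logon token carries Everyone, the administrator's included.
ADMIN_TOKEN = {"Administrator", "Administrators", "Everyone"}
KIOSK_TOKEN = {"kiosk", "Users", "Everyone"}

# The over-secured kiosk: "No Access" for Everyone next to an admin grant.
OVERSECURED = canonical([Ace("allow", "Administrators", FULL),
                         Ace("deny", "Everyone", FULL)])
# Corrected form: grant only to Administrators; no entry for the kiosk
# account already means no access, so no deny entry is needed.
HARDENED = canonical([Ace("allow", "Administrators", FULL)])

if __name__ == "__main__":
    for name, dacl in (("oversecured", OVERSECURED), ("hardened", HARDENED)):
        print(name, "admin:", access_check(ADMIN_TOKEN, dacl, FULL),
              "kiosk:", access_check(KIOSK_TOKEN, dacl, READ),
              "deny hits for admin:", locked_out(dacl, ADMIN_TOKEN))
```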