Vulnerability Development mailing list archives
RE: Shell:
From: "Perrymon, Josh L." <PerrymonJ () bek com>
Date: Fri, 9 Jul 2004 16:45:10 -0500
Yup. I get the same thing with IE on XP. The shell: command will open about any .exe or other file. However, it will not work without intervention from a web page <A>shell:blah</A> so to speak. But it could be used with a multi layered attack I believe. JP -----Original Message----- From: Ferruh Mavituna To: 'Perrymon, Josh L.'; vuln-dev () securityfocus com Sent: 7/9/2004 12:42 AM Subject: RE: Shell: I tested this in Firefox 0.9.1, and strangely it fires-up my hex editor with given application. And in IE (Win2003) if I run it by myself it executes calc.exe or any other exe in any place with shell and directory traversal. But when I try to link it from a webpage it doesn't work my computer zone or internet zone it opens file download dialog box. Ferruh.Mavituna http://ferruh.mavituna.com PGPKey : http://ferruh.mavituna.com/PGPKey.asc
-----Original Message----- From: Perrymon, Josh L. [mailto:PerrymonJ () bek com] Sent: Thursday, July 08, 2004 6:41 PM To: vuln-dev () securityfocus com Subject: Shell: What do you think about this in Mozilla OR IE? shell:windows\system32\cmd.exe I can't seem to pass any variables to it though because it bombs but
my
syntax may be incorrect. Joshua Perrymon Sr. Network Security Consultant PGP Fingerprint 51B8 01AC E58B 9BFE D57D 8EF6 C0B2 DECF EC20 6021 **********CONFIDENTIALITY NOTICE********** The information contained in this e-mail may be proprietary and/or privileged and is intended for the sole use of the individual or organization named above. If you are not the intended recipient or an authorized representative of the intended recipient, any review,
copying
or distribution of this e-mail and its attachments, if any, is
prohibited.
If you have received this e-mail in error, please notify the sender immediately by return e-mail and delete this message from your system.
Current thread:
- Shell: Perrymon, Josh L. (Jul 08)
- Re: Shell: steve johnson (Jul 08)
- Re: Shell: mike (Jul 09)
- Re: Shell: Seth Chromick (Jul 09)
- RE: Shell: Ferruh Mavituna (Jul 09)
- <Possible follow-ups>
- RE: Shell: Perrymon, Josh L. (Jul 09)
- Re: Shell: steve johnson (Jul 08)