Bugtraq mailing list archives
RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
From: "Ferruh Mavituna" <ferruh () mavituna com>
Date: Wed, 14 Jul 2004 17:52:25 +0300
Is the vulnerability mitigated by today's Microsoft patch?
Both of POCs are working well (at least in my system -W2K3 all patches-) after recent MS patches. Can anyone confirm this ? Ferruh.Mavituna http://ferruh.mavituna.com PGPKey : http://ferruh.mavituna.com/PGPKey.asc
-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure- admin () lists netsys com] On Behalf Of L33tPrincess Sent: Wednesday, July 14, 2004 5:34 AM To: bugtraq () securityfocus com; full-disclosure () lists netsys com Subject: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC Ferruh, Is this a new variant (wscript.shell)? Is the vulnerability mitigated by today's Microsoft patch? Hello; Code is based on http://www.securityfocus.com/archive/1/367878 (POC by Jelmer) message. I just added a new feature "download" and then execute application. Also I use Wscript.Shell in Javascript instead of Shell.Application. ________________________________ Do you Yahoo!? New and Improved Yahoo! Mail <http://us.rd.yahoo.com/mail_us/taglines/100/*http://promotions.yahoo.com/ new_mail/static/efficiency.html> - 100MB free storage!
Current thread:
- RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC Ferruh Mavituna (Jul 14)
- <Possible follow-ups>
- RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC Drew Copley (Jul 14)
- RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC Todd Towles (Jul 16)
- Re: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC Fabricio A. Angeletti (Jul 18)
- RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC Ferruh Mavituna (Jul 18)
- Re: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC Fabricio A. Angeletti (Jul 18)
- RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC Ferruh Mavituna (Jul 16)