Full Disclosure mailing list archives
RE: Re: Six Step IE Remote Compromise Cache Attack
From: "Michael Evanchik" <mike () alanpickel com>
Date: Fri, 14 Nov 2003 13:14:10 -0500
yes as i said at the top microsoft quickly patched it. The least they can do with their track record. Mike ________________________________ From: Erwin Paternotte [mailto:e.paternotte () itsec-ss nl] Sent: Fri 11/14/2003 10:56 AM To: Michael Evanchik Cc: liudieyuinchina () yahoo com cn Subject: Re: [Full-Disclosure] Re: Six Step IE Remote Compromise Cache Attack Michael Evanchik wrote:
1) take out the function name and brackets and all code below </script> in default.htm and save to make the start automatic 2) open MHT-ldy.mht and open it in notepad. 3) edit the 2 links for the .exe and the shell.htm (read step 4 on how that file is created) file 4o be the exact location of your exe and shell.htm on the server your hosting the pages(most likely you will need full access to the server and freehosts wont work) 5) change the base64 exe code to your own in MHT-ldy.mht and save 6) save it as shell.htm to the same location you have noted in MHT-ldy.mht 7) of course delete all the alert command lines in ScriptBodyJsp.asp
Hi, I've tested your modifications as described above on a fully patched Windows 2000 and IE. It seems the first step of the Six Step is blocked by the cumulative patch included with MS03-048. I'm not sure if this is due to the modifications you made or if this is the same for the original Six Step. Do you know which of the vulnerabilities described in MS03-048 are the same as the steps of the Six Step and are fixed by this MS bulletin? Thanks in advance for your time. Regards, Erwin.
Current thread:
- Re: Six Step IE Remote Compromise Cache Attack http-equiv () excite com (Nov 05)
- <Possible follow-ups>
- RE: Re: Six Step IE Remote Compromise Cache Attack Michael Evanchik (Nov 14)
- RE: Re: Six Step IE Remote Compromise Cache Attack Michael Evanchik (Nov 14)