Full Disclosure mailing list archives
RE: IE Object Type Validation Vulnerability Exp loit
From: "Pelosi, Stephen:" <Steve.Pelosi () conocophillips com>
Date: Tue, 16 Sep 2003 12:24:11 -0700
Symantec AntiVirus detects the output file as containing a trojan http://securityresponse.symantec.com/avcenter/venc/data/trojan.progent.html -----Original Message----- From: titus () hush com [mailto:titus () hush com] Sent: Monday, September 15, 2003 4:19 PM To: full-disclosure () lists netsys com; n30_lists () hotmail com Subject: Re: [Full-disclosure] IE Object Type Validation Vulnerability Exploit *** PGP Signature Status: unknown *** Signer: Unknown, Key ID = 0x2C0A0B31 *** Signed: 9/15/2003 4:19:42 PM *** Verified: 9/16/2003 12:18:44 PM *** BEGIN PGP VERIFIED MESSAGE *** Download makevbs from the following URL http://rattlesnake.at.box.sk/newsread.php?newsid=7. You can use it to create a VBS script to upload and execute any file you want. -titus ----- Original Message ----- From: n30 To: phlox ; full-disclosure () lists netsys com Sent: Monday, September 15, 2003 6:37 PM Subject: Re: [Full-disclosure] IE Object Type Validation Vulnerability Exploit Thanks a lot guys for your reply...The things work like a charm.. I am now trying to understand the content of .php so that i can execute nc.exe instead of mal_ware.exe. Also is it possible to execute nc.exe from http://somewhere instaed of from local system? Any help/link/pointers greatly apprciated Thanks -N ----- Original Message ----- From: phlox To: full-disclosure () lists netsys com Sent: Monday, September 15, 2003 1:43 PM Subject: Re: [Full-disclosure] IE Object Type Validation Vulnerability Exploit page.php > page.hta look at page.hta attachment? -phlox ----- Original Message ----- From: n30 To: full-disclosure () lists netsys com Sent: Monday, September 15, 2003 12:46 PM Subject: [Full-disclosure] IE Object Type Validation Vulnerability Exploit Guys, Any body knows of any exploit for the Object type vuln Eeye has a POC http://archives.neohapsis.com/archives/vulnwatch/2003- q3/0084.html But I need something more firm for demonstartion. Any links/pointers apprciated Thanks in advance -N *** END PGP VERIFIED MESSAGE *** _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: IE Object Type Validation Vulnerability Exp loit Pelosi, Stephen: (Sep 16)
- Re: IE Object Type Validation Vulnerability Exploit n30 (Sep 16)