Full Disclosure mailing list archives
RE: Re: IE Shell URI Download and Execute, POC
From: "Todd Towles" <toddtowles () brookshires com>
Date: Wed, 14 Jul 2004 10:17:41 -0500
Depends on how Microsoft fixed IE. If they did the same thing as the ADODB patch from last week and just focused on the Shell.Application variant instead of the code IE problem, then it won't stop this WSH variant by L33tPrincess. Which I must say is a sweet name. =) -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of L33tPrincess Sent: Tuesday, July 13, 2004 9:34 PM To: bugtraq () securityfocus com; full-disclosure () lists netsys com Subject: [Full-disclosure] Re: IE Shell URI Download and Execute, POC Ferruh, Is this a new variant (wscript.shell)? Is the vulnerability mitigated by today's Microsoft patch? Hello; Code is based on http://www.securityfocus.com/archive/1/367878 (POC by Jelmer) message. I just added a new feature "download" and then execute application. Also I use Wscript.Shell in Javascript instead of Shell.Application. _____ Do you Yahoo!? New <http://us.rd.yahoo.com/mail_us/taglines/100/*http:/promotions.yahoo.com/new _mail/static/efficiency.html> and Improved Yahoo! Mail - 100MB free storage!
Current thread:
- IE Shell URI Download and Execute, POC Ferruh Mavituna (Jul 13)
- <Possible follow-ups>
- Re: IE Shell URI Download and Execute, POC L33tPrincess (Jul 14)
- RE: Re: IE Shell URI Download and Execute, POC Ferruh Mavituna (Jul 14)
- RE: Re: IE Shell URI Download and Execute, POC Todd Towles (Jul 14)
- RE: Re: IE Shell URI Download and Execute, POC Ferruh Mavituna (Jul 14)
- RE: Re: IE Shell URI Download and Execute, POC Todd Towles (Jul 14)
- RE: Re: IE Shell URI Download and Execute, POC Edward Ray (Jul 14)
- Re: Re: IE Shell URI Download and Execute, POC Fabricio A. Angeletti (Jul 17)
- RE: Re: IE Shell URI Download and Execute, POC Ferruh Mavituna (Jul 17)
- RE: Re: IE Shell URI Download and Execute, POC Drew Copley (Jul 14)