Full Disclosure mailing list archives
Internet Explorer 0day exploit
From: Thor Larholm <seclists () larholm com>
Date: Tue, 10 Jul 2007 07:09:23 +0200
There is a URL protocol handler command injection vulnerability in Internet Explorer for Windows that allows you to execute shell commands with arbitrary arguments. This vulnerability can be triggered without user interaction simply by visiting a webpage. When Internet Explorer encounters a reference to content inside a registered URL protocol handler scheme it calls ShellExecute with the EXE image path and passes the entire request URI without any input validation. For the sake of demonstration I have constructed an exploit that bounces through Firefox via the FirefoxURL protocol handler. The full advisory and a working Proof of Concept exploit can be found at http://larholm.com/2007/07/10/internet-explorer-0day-exploit/ Cheers Thor Larholm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Internet Explorer 0day exploit Thor Larholm (Jul 09)
- Re: Internet Explorer 0day exploit Gadi Evron (Jul 10)
- Re: Internet Explorer 0day exploit Dragos Ruiu (Jul 14)
- Re: Internet Explorer 0day exploit Dude VanWinkle (Jul 14)
- Re: Internet Explorer 0day exploit Gadi Evron (Jul 15)
- Re: Internet Explorer 0day exploit Anupam Mishra (Jul 24)
- Re: Internet Explorer 0day exploit T Biehn (Jul 24)
- Re: Internet Explorer 0day exploit Dragos Ruiu (Jul 14)
- Re: Internet Explorer 0day exploit Gadi Evron (Jul 10)
- <Possible follow-ups>
- Re: Internet Explorer 0day exploit Paul Szabo (Jul 10)
- Re: Internet Explorer 0day exploit LIUDIEYU dot COM (Jul 10)