RE: Shell:

["Perrymon, Josh L." <PerrymonJ () bek com>]

 Yup.

I get the same thing with IE on XP. The shell: command will open about any
.exe or other file. However, it will not work without intervention from a
web page <A>shell:blah</A> so to speak.

But it could be used with a multi layered attack I believe.

JP

-----Original Message-----
From: Ferruh Mavituna
To: 'Perrymon, Josh L.'; vuln-dev () securityfocus com
Sent: 7/9/2004 12:42 AM
Subject: RE: Shell:


I tested this in Firefox 0.9.1, and strangely it fires-up my hex editor
with
given application.

And in IE (Win2003) if I run it by myself it executes calc.exe or any
other
exe in any place with shell and directory traversal.

But when I try to link it from a webpage it doesn't work my computer
zone or
internet zone it opens file download dialog box.


Ferruh.Mavituna
http://ferruh.mavituna.com
PGPKey : http://ferruh.mavituna.com/PGPKey.asc

> -----Original Message-----
> From: Perrymon, Josh L. [mailto:PerrymonJ () bek com]
> Sent: Thursday, July 08, 2004 6:41 PM
> To: vuln-dev () securityfocus com
> Subject: Shell:
>
> What do you think about this in Mozilla OR IE?
>
> shell:windows\system32\cmd.exe
>
> I can't seem to pass any variables to it though because it bombs but
my
> syntax may be incorrect.
>
>
>
> Joshua Perrymon
> Sr. Network Security Consultant
> PGP Fingerprint
> 51B8 01AC E58B 9BFE D57D  8EF6 C0B2 DECF EC20 6021
>
> **********CONFIDENTIALITY NOTICE**********
> The information contained in this e-mail may be proprietary and/or
> privileged and is intended for the sole use of the individual or
> organization named above.  If you are not the intended recipient or an
> authorized representative of the intended recipient, any review,
copying
> or distribution of this e-mail and its attachments, if any, is
prohibited.
> If you have received this e-mail in error, please notify the sender
> immediately by return e-mail and delete this message from your system.