Full Disclosure mailing list archives
Re: Internet Explorer (BAN IT !!!)
From: Gary Flynn <flynngn () jmu edu>
Date: Fri, 10 Oct 2003 09:20:34 -0400
jelmer wrote:
just looked at it, the authors messed up , so no it shouldn't work, it doesn't work here they didn't get that error.jsp is a java server page (something roughly equivalent to asp and php) that sets the response code to something that triggers the res file to be loaded
The exploit worked fine here on an XP Home machine with all patches and the latest version of I.E. I changed the executable that ran to ipconfig.exe so I knew what would be running on my computer. I could see the window open, saw the output of ipconfig.exe flash by, and the wmplayer.exe file was replaced by the contents of ipconfig.exe. If the IE configuration was changed to disallow opening content in the media bar, then the error.jsp page was called which resulted in a 404. I cannot say for certain that ipconfig.exe did not run but I didn't see it and the wmplayer.exe file was unchanged. Similar results were seen logging in as a non administor user account. The I.E. configuration change is shown here: http://www.jmu.edu/computing/security/info/iebug.shtml I am not familiar enough with the exploit mechanisms to determine how effective this is but I suspect not very except against the script kiddies that will cut and paste the posted exploit. -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Internet Explorer (BAN IT !!!) BoneMachine (Oct 09)
- <Possible follow-ups>
- RE: Internet Explorer (BAN IT !!!) BoneMachine (Oct 09)
- RE: Internet Explorer (BAN IT !!!) Syed Imran Ali (Oct 10)
- Re: Internet Explorer (BAN IT !!!) jelmer (Oct 10)
- Re: Internet Explorer (BAN IT !!!) Gary Flynn (Oct 10)
- Re: Internet Explorer (BAN IT !!!) jelmer (Oct 10)