Full Disclosure mailing list archives

Re: Internet Explorer (BAN IT !!!)


From: Gary Flynn <flynngn () jmu edu>
Date: Fri, 10 Oct 2003 09:20:34 -0400



jelmer wrote:

> just looked at it, the authors messed up, so no it shouldn't work, it
> doesn't work here
>
> they didn't get that error.jsp is a java server page (something roughly
> equivalent to asp and php) that sets the response code to something that
> triggers the res file to be loaded

The exploit worked fine here on an XP Home machine with all patches
and the latest version of I.E. I changed the executable that ran to
ipconfig.exe so I knew what would be running on my computer. I could
see the window open, saw the output of ipconfig.exe flash by, and
the wmplayer.exe file was replaced by the contents of ipconfig.exe.

If the IE configuration was changed to disallow opening content in
the media bar, then the error.jsp page was called which resulted
in a 404. I cannot say for certain that ipconfig.exe did not run but
I didn't see it and the wmplayer.exe file was unchanged. Similar results
were seen logging in as a non-administrator user account.

The I.E. configuration change is shown here:
http://www.jmu.edu/computing/security/info/iebug.shtml

I am not familiar enough with the exploit mechanisms to
determine how effective this is but I suspect not very
except against the script kiddies that will cut and paste
the posted exploit.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

