RE: > hhctrl.ocx is not installed by default in all SP1s but is on all SP2.

[Tim ShredderSub7 <shreddersub7 () yahoo com>]

Sorry, forgot to mention this. The website (http://www.freewebs.com/shreddersub7/expl-discuss.htm) is updated now. 

I couldn't respond earlier because Microsoft has shutted down my Hotmail account (shreddersub7 () hotmail com doesn't 
work anymore) and therefore I lost all my mails, including the ones from Full Disclosure :-(

Ow well, they can't stop me, just email to shreddersub7_at_yahoo.com ;-)

 

---ORIGINIAL MESSAGE (se_cur_ity_at_hotmail.com)---

> hhctrl.ocx is not installed by default in all SP1s but is on all SP2. 
> Therefore when the exploit page tries to create the object he cannot 
> find it so it tries to install it. On SP2 it exists by default therefore 
> created silently. 


i replied to this because of this statement by the O.P.. 

"Any system running any Microsoft Windows XP edition with Internet Explorer 
6 
or higher, even with SP2 applied." 
this suggests that all XP are affected by default, including sp2. 

cheers, 

m.w 

p.s. I have noticed that the final pre-release of SP2 is much better ( in my 
experience ) 
performance and security wise. ( and it retains raw sockets ). In SP2rc2, 
IE6 popup 
blocker stopped the PoC at default settings. 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html