Full Disclosure mailing list archives
RE: What about M$ in the shell: race
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Sat, 10 Jul 2004 14:08:29 -0400
http://poc.homedns.org/execute.htm http://62.131.86.111/security/idiots/malware2k/installer.htm
I don't think of the Shell.Application exploit as the same thing as the shell: link exploit. Am I missing something?
shell:desktop
This really doesn't impress me. I don't see this as an attack at all, unless you can find a way to overflow the folder or something like that. Can you actually run code this way, as was easy to do with Mozilla with a simple shell:folder\\foo.exe? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer larryseltzer () ziffdavis com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- What about M$ in the shell: race Perrymon, Josh L. (Jul 09)
- Re: What about M$ in the shell: race daniel uriah clemens (Jul 09)
- RE: What about M$ in the shell: race Larry Seltzer (Jul 10)
- <Possible follow-ups>
- RE: What about M$ in the shell: race Perrymon, Josh L. (Jul 09)
- RE: What about M$ in the shell: race http-equiv () excite com (Jul 10)
- RE: What about M$ in the shell: race Larry Seltzer (Jul 10)
- RE: What about M$ in the shell: race Perrymon, Josh L. (Jul 10)
- RE: What about M$ in the shell: race Larry Seltzer (Jul 10)
- Re: What about M$ in the shell: race daniel uriah clemens (Jul 09)