Full Disclosure mailing list archives

Re: IE Shell URI Download and Execute, POC

From: L33tPrincess <l33tprincess () yahoo com>
Date: Tue, 13 Jul 2004 19:33:38 -0700 (PDT)

Ferruh,
Is this a new variant (wscript.shell)?  Is the vulnerability mitigated by today's Microsoft patch?
 
 
 
Hello;

Code is based on http://www.securityfocus.com/archive/1/367878 (POC by
Jelmer) message. I just added a new feature "download" and then execute
application. Also I use Wscript.Shell in Javascript instead of
Shell.Application.

                
---------------------------------
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!

Current thread:

IE Shell URI Download and Execute, POC Ferruh Mavituna (Jul 13)
- <Possible follow-ups>
- Re: IE Shell URI Download and Execute, POC L33tPrincess (Jul 14)
  - RE: Re: IE Shell URI Download and Execute, POC Ferruh Mavituna (Jul 14)
  - RE: Re: IE Shell URI Download and Execute, POC Todd Towles (Jul 14)
    - RE: Re: IE Shell URI Download and Execute, POC Ferruh Mavituna (Jul 14)
- RE: Re: IE Shell URI Download and Execute, POC Todd Towles (Jul 14)
  - RE: Re: IE Shell URI Download and Execute, POC Edward Ray (Jul 14)
  - Re: Re: IE Shell URI Download and Execute, POC Fabricio A. Angeletti (Jul 17)
    - RE: Re: IE Shell URI Download and Execute, POC Ferruh Mavituna (Jul 17)
- RE: Re: IE Shell URI Download and Execute, POC Drew Copley (Jul 14)