Full Disclosure mailing list archives
RE: Re: IE Shell URI Download and Execute, POC
From: "Ferruh Mavituna" <ferruh () mavituna com>
Date: Wed, 14 Jul 2004 21:15:02 +0300
The fun is MS says we fixed "shell" but it's still active for me. Ferruh.Mavituna http://ferruh.mavituna.com PGPKey : http://ferruh.mavituna.com/PGPKey.asc
-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure- admin () lists netsys com] On Behalf Of Todd Towles Sent: Wednesday, July 14, 2004 6:18 PM To: 'L33tPrincess'; bugtraq () securityfocus com; full- disclosure () lists netsys com Subject: RE: [Full-disclosure] Re: IE Shell URI Download and Execute, POC Depends on how Microsoft fixed IE. If they did the same thing as the ADODB patch from last week and just focused on the Shell.Application variant instead of the code IE problem, then it won't stop this WSH variant by L33tPrincess. Which I must say is a sweet name. =) -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure- admin () lists netsys com] On Behalf Of L33tPrincess Sent: Tuesday, July 13, 2004 9:34 PM To: bugtraq () securityfocus com; full-disclosure () lists netsys com Subject: [Full-disclosure] Re: IE Shell URI Download and Execute, POC Ferruh, Is this a new variant (wscript.shell)? Is the vulnerability mitigated by today's Microsoft patch? Hello; Code is based on http://www.securityfocus.com/archive/1/367878 (POC by Jelmer) message. I just added a new feature "download" and then execute application. Also I use Wscript.Shell in Javascript instead of Shell.Application. ________________________________ Do you Yahoo!? New and Improved Yahoo! Mail <http://us.rd.yahoo.com/mail_us/taglines/100/*http:/promotions.yahoo.com/n ew_mail/static/efficiency.html> - 100MB free storage!
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- IE Shell URI Download and Execute, POC Ferruh Mavituna (Jul 13)
- <Possible follow-ups>
- Re: IE Shell URI Download and Execute, POC L33tPrincess (Jul 14)
- RE: Re: IE Shell URI Download and Execute, POC Ferruh Mavituna (Jul 14)
- RE: Re: IE Shell URI Download and Execute, POC Todd Towles (Jul 14)
- RE: Re: IE Shell URI Download and Execute, POC Ferruh Mavituna (Jul 14)
- RE: Re: IE Shell URI Download and Execute, POC Todd Towles (Jul 14)
- RE: Re: IE Shell URI Download and Execute, POC Edward Ray (Jul 14)
- Re: Re: IE Shell URI Download and Execute, POC Fabricio A. Angeletti (Jul 17)
- RE: Re: IE Shell URI Download and Execute, POC Ferruh Mavituna (Jul 17)
- RE: Re: IE Shell URI Download and Execute, POC Drew Copley (Jul 14)