Full Disclosure mailing list archives
Re: Virus loading through ActiveX-Exploit [Fwd: George Bush sniper-rifle shot!]
From: "http-equiv () excite com" <1 () malware com>
Date: Thu, 9 Sep 2004 17:21:05 -0000
<!--
"Alla Bezroutchko" wrote: Also interesting that they don't use "a {behavior:url(#default#AnchorClick);}" in this exploit which seems to be an essential part of http-
equiv's and
mikx's exploits.
The key to all this exploits is drag'n'drop access to a local directory. Since WinXP SP2 it's not possible to use "shell:startup" as src for an iframe --> You also can't or couldn't effect 'drag and drop' from or on the internet zone into the iframe. That is why the original is by design on the 'intranet zone' where you can: <iframe src="http://malware%2F.http-equiv.dyndns.org/~http- equiv/littleshit.html"> using 'bitlance winter's' magic dns. -- http://www.malware.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Virus loading through ActiveX-Exploit [Fwd: George Bush sniper-rifle shot!] Martin Stricker (Sep 07)
- Re: Virus loading through ActiveX-Exploit [Fwd: George Bush sniper-rifle shot!] Alla Bezroutchko (Sep 07)
- <Possible follow-ups>
- Re: Virus loading through ActiveX-Exploit [Fwd: George Bush sniper-rifle shot!] http-equiv () excite com (Sep 09)