Full Disclosure mailing list archives

Re: Re: another filename bypass vulnerability - fromcmd.exe

From: Thierry Zoller <Thierry () Zoller lu>
Date: Fri, 18 Nov 2005 13:48:26 +0100

Dear barabas mutsonline,

bm>  Let's imagine there's an IE bug (quite hard to imagine, but ok)
bm> ....
bm> bm> adrianlima.gif and execute it using wsscript shell object run cmd /c adrianalima.gif (in vbs e.g.)
bm>  just a thought, haven't tested it nor have I written l33t PoC :p

Thanks, nice, haven't thought of this :)

-- 
http://secdev.zoller.lu
Thierry Zoller

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: another filename bypass vulnerability - fromcmd.exe barabas mutsonline (Nov 18)
- Re: Re: another filename bypass vulnerability - fromcmd.exe Thierry Zoller (Nov 18)