RE: IE7 DLL-load hijacking Exploit posted on Milw0rm

[Larry Seltzer <Larry () larryseltzer com>]

I did. See
http://aviv.raffon.net/2006/12/14/IE7DLLloadHijackingCodeExecutionExploi
tPoC.aspx for the guy's original blog and some comments.

I've been able to replicate it sometimes, but sometimes it just doesn't
work for me. We couldn't figure out why it was inconsistant. 

Caveats for it: there's quite a bit of user interaction involved; some
users don't launch IE from the desktop; the file has to hit the file
system where AV can get at it. 

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Col
Sent: Wednesday, December 20, 2006 5:55 AM
To: funsec () linuxbox org
Subject: [funsec] IE7 DLL-load hijacking Exploit posted on Milw0rm

Re: MS Internet Explorer 7 (DLL-load hijacking) Command Execution
Exploit

http://www.milw0rm.com/exploits/2929

Has anyone looked into this? I've not got the knowledge/tools/time to do
anything with it and don't see any other discussions on it.

Would like to know the effects on Vista etc.

Cheers,

Col.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.