Vulnerability Development mailing list archives
Re: Outlook/HTML "proggie"
From: mrousseau () LABCAL COM (Maxime Rousseau)
Date: Fri, 2 Jun 2000 09:05:14 -0400
So actually you are re-releasing for us the vulnerability found by Georgi Guninski and reported in microsoft bulletin MS99-032 "Patch Available for "scriptlet.typelib/Eyedog" Vulnerability", published by microsoft in August 31, 1999. Thats news! Check this link for more info on the issue: <http://www.microsoft.com/technet/security/bulletin/ms99-032.asp> You might also want to rethink your SCR acronym as it might as well have been SCRiptlet.Context, Scriptlet.Constructor, Scriptlet.Factory, Scriptlet.HostEncode, Scriptlet.SvrOm or any other SCRiptlet type object. Thanks however for sharing it with us alast, I wish you much luck with the anti-viral mail gateways! They are so annoying. Cheers, M. -----Original Message----- From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of methodman Sent: Thursday, June 01, 2000 4:33 PM To: VULN-DEV () SECURITYFOCUS COM Subject: Re: Outlook/HTML "proggie" well... since everybody is so interested in what the SCR object is, i'm going to tell you... it is an activex control with the classID: 06290BD5-48AA-11D2-8432-006008C3FBFC , it's name is actually SCRiptlet.typlib (that's why i gave it the id SCR). WSH has the classID F935DC22-1CF0-11D0-ADB9-00C04FD58A0B and is called "Windows Scripting Host Shell Object", (Wscript.SHell - therefore i gave it the id WSH). about badblood... i didn't even hear about it until Thierry said it exists, same goes for the code written by Exxtreme. about the source code... if you are reading this through outlook check "thisreallyworks.txt" on your desktop :)). -- this only works if the security level is not set to "restriced sites zone" [ methodman ]
Current thread:
- Re: Outlook/HTML "proggie" Shelagh Pepper (Jun 01)
- <Possible follow-ups>
- Re: Outlook/HTML "proggie" Maxime Rousseau (Jun 01)
- Re: Outlook/HTML "proggie" Shelagh Pepper (Jun 02)
- Re: Outlook/HTML "proggie" methodman (Jun 01)
- Possible problem with NT Domains Leigh Watson (Jun 02)
- Re: Outlook/HTML "proggie" Eric Chien (Jun 02)
- Re: Outlook/HTML "proggie" James Turner (Jun 02)
- MSProxy Server 2 Logic Bug (Jun 02)
- Re: Outlook/HTML "proggie" Walter Williams (Jun 02)
- AW: Outlook/HTML "proggie" Joerg Weber (Jun 02)
- Re: Outlook/HTML "proggie" Maxime Rousseau (Jun 02)
- Re: Outlook/HTML "proggie" Dan Schrader (Jun 05)