Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Bugtraq: RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC

RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC

From: Ferruh Mavituna <ferruh_at_mavituna.com>
Date: Wed, 14 Jul 2004 17:52:25 +0300

> Is the vulnerability mitigated by
> today's Microsoft patch?

Both of POCs are working well (at least in my system -W2K3 all patches-)
after recent MS patches.

Can anyone confirm this ?

Ferruh.Mavituna
http://ferruh.mavituna.com
PGPKey : http://ferruh.mavituna.com/PGPKey.asc

> -----Original Message-----
> From: full-disclosure-admin_at_lists.netsys.com [mailto:full-disclosure-
> admin_at_lists.netsys.com] On Behalf Of L33tPrincess
> Sent: Wednesday, July 14, 2004 5:34 AM
> To: bugtraq_at_securityfocus.com; full-disclosure_at_lists.netsys.com
> Subject: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
>
> Ferruh,
> Is this a new variant (wscript.shell)? Is the vulnerability mitigated by
> today's Microsoft patch?
>
>
>
> Hello;
>
> Code is based on http://www.securityfocus.com/archive/1/367878 (POC by
> Jelmer) message. I just added a new feature "download" and then execute
> application. Also I use Wscript.Shell in Javascript instead of
> Shell.Application.
>
> ________________________________
>
> Do you Yahoo!?
> New and Improved Yahoo! Mail
> <http://us.rd.yahoo.com/mail_us/taglines/100/*http://promotions.yahoo.com/
> new_mail/static/efficiency.html> - 100MB free storage!
Received on Jul 14 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]