mailing list archives
Re: Re: RE: playing for fun with <=IE7
From: laurent.gaffie () gmail com
Date: 25 Oct 2007 15:58:16 -0000
Nope, it won't work.
The first .exe extension will be overwritten by
the second one, then it will be putty.exe anyway.
"avivra" did mention that he was able to use this bypass to automate the PDF attack vector
found by GNUCitizen's pdp.
He also did mention that cyber_flash found the same kind of vuln on IE6 SP2 3 years ago.
Thanks to him for these precisions.
I was also able to reproduce the pdp (GNUCitizen) PDF 0days remotely without any prompt with IE7
using the avivra idea/example shown in his video.
Here's a live example:
The PDF is opened, calc.exe is launched, no prompt.
we can imagine the impact with a:
regards laurent gaffié
//sorry for the delay.