Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Re: RE: playing for fun with <=IE7
From: laurent.gaffie () gmail com
Date: 25 Oct 2007 15:58:16 -0000

Hi there
Nop it wont work.
the first .exe extension will be overwriten by
the second one . then it will be putty.exe anyways.

"avivra" did mention that he was able to use this bypass to automate the PDF attack vector
found by GNUCitizen's pdp

he also did mention that cyber_flash found the same kind of vuln on IE6 sp2 3 years ago.

thanks to him for theses precisions.

i was also able to reproduce the pdp(gnucitizen) pdf 0days remotly without any promt with IE7
using the avivra idea/exemple showed on his video
here's a live exemple:
pdf is open , calc.exe is launched no promt .

we can imagine the impact with a:
-permanent Xss
-malicious webpage

regards laurent gaffiƩ

//sorry for the delay.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]