mailing list archives
Betr.: Re: Fix for IE ADODB.Stream vulnerability is out
From: "http-equiv () excite com" <1 () malware com>
Date: Sat, 3 Jul 2004 02:06:32 -0000
still have to contend with mshta.exe calling out through the
iframe and more than likely firewalled long ago, so use it to
write the registry to kill the download warning, then use it set
the browser home page as http://www..../foo.exe, that or the
default search engine.
tons of possibilities.
Well done Matthew !
('HKCR\exefile\EditFlags', 0x38070000, "REG_BINARY");)
On quick reflection, I completely missed Matthew's point. It's
brilliant. If you can indeed kill the download dialog, kill it,
stick a frame in it and bang. If it doesn't work, use the
regWrite and re-set the adodb.stream instead, and continue on
your merry way.
Full-Disclosure - We believe in it.