Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: What about M$ in the shell: race
From: "http-equiv () excite com" <1 () malware com>
Date: Sat, 10 Jul 2004 16:42:03 -0000


Every bit of real testing I've seen shows this is not a real 
vulnerability in IE. 


surely you jest.

It is the Key to the Kingdom. To quote the original finder, way 
back in June of 2003:

"allows remote attacker to traverse "Shell Folders" directories. 
A remote attacker is able to gain access to the path of the %
USERPROFILE% folder without guessing a target user name by this 


"C:\Documents and Settings\%USERNAME%\Desktop"

Perhaps you missed these "real" tests:


or maybe you didn't.


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]