Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: IE Shell URI Download and Execute, POC
From: L33tPrincess <l33tprincess () yahoo com>
Date: Tue, 13 Jul 2004 19:33:38 -0700 (PDT)

Ferruh,
Is this a new variant (wscript.shell)?  Is the vulnerability mitigated by today's Microsoft patch?
 
 
 
Hello;

Code is based on http://www.securityfocus.com/archive/1/367878 (POC by
Jelmer) message. I just added a new feature "download" and then execute
application. Also I use Wscript.Shell in Javascript instead of
Shell.Application.

                
---------------------------------
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault