Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Re: IE Shell URI Download and Execute, POC
From: "Ferruh Mavituna" <ferruh () mavituna com>
Date: Wed, 14 Jul 2004 17:52:25 +0300

Is the vulnerability mitigated by
today's Microsoft patch?

Both of POCs are working well (at least in my system -W2K3 all patches-)
after recent MS patches.

Can anyone confirm this ?


Ferruh.Mavituna
http://ferruh.mavituna.com
PGPKey : http://ferruh.mavituna.com/PGPKey.asc

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-
admin () lists netsys com] On Behalf Of L33tPrincess
Sent: Wednesday, July 14, 2004 5:34 AM
To: bugtraq () securityfocus com; full-disclosure () lists netsys com
Subject: [Full-disclosure] Re: IE Shell URI Download and Execute, POC

Ferruh,
Is this a new variant (wscript.shell)?  Is the vulnerability mitigated by
today's Microsoft patch?



Hello;

Code is based on http://www.securityfocus.com/archive/1/367878 (POC by
Jelmer) message. I just added a new feature "download" and then execute
application. Also I use Wscript.Shell in Javascript instead of
Shell.Application.

________________________________

Do you Yahoo!?
New and Improved Yahoo! Mail
<http://us.rd.yahoo.com/mail_us/taglines/100/*http://promotions.yahoo.com/
new_mail/static/efficiency.html>  - 100MB free storage!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]