Full Disclosure mailing list archives

RE: Re: IE Shell URI Download and Execute, POC
From: "Drew Copley" <dcopley () eEye com>
Date: Wed, 14 Jul 2004 12:30:55 -0700

 

-----Original Message-----
From: Ferruh Mavituna [mailto:ferruh () mavituna com] 
Sent: Wednesday, July 14, 2004 7:52 AM
To: 'L33tPrincess'; bugtraq () securityfocus com; 
full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Re: IE Shell URI Download and 
Execute, POC

Is the vulnerability mitigated by
today's Microsoft patch?

Both of the POCs are working well (at least in my system -W2K3
all patches-) after recent MS patches.

Can anyone confirm this?

I can not. Wscript was deactivated with Guninski's WSH bug
a long time ago. I just tested running wscript in the My
Computer zone. It prompts as an unsafe ActiveX.

However, Microsoft needs to get on the ball here and secure
that zone or make it trivial for their customers to do so. (Kudos
for their link on their security page, but that kind of
thing is targeted to IT professionals -- not to the masses...
and they can figure that out by themselves already.)

I also noticed the shell: path url does work as a source in
an iframe.






Ferruh.Mavituna
http://ferruh.mavituna.com
PGPKey : http://ferruh.mavituna.com/PGPKey.asc

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of L33tPrincess
Sent: Wednesday, July 14, 2004 5:34 AM
To: bugtraq () securityfocus com; full-disclosure () lists netsys com
Subject: [Full-disclosure] Re: IE Shell URI Download and 
Execute, POC

Ferruh,
Is this a new variant (wscript.shell)?  Is the 
vulnerability mitigated by
today's Microsoft patch?



Hello;

Code is based on http://www.securityfocus.com/archive/1/367878 (POC by
Jelmer) message. I just added a new feature "download" and then execute
application. Also I use Wscript.Shell in Javascript instead of
Shell.Application.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

