Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: IE Shell URI Download and Execute, POC
From: "Fabricio A. Angeletti" <hellmind () rotten daemon sh>
Date: Fri, 16 Jul 2004 23:17:19 -0300

Its patched for me,
there is another patch for it
maybe u didnt installed or isnt active
do u got a web to test it?

----- Original Message ----- 
From: "Todd Towles" <toddtowles () brookshires com>
To: "'Ferruh Mavituna'" <ferruh () mavituna com>; "'L33tPrincess'"
<l33tprincess () yahoo com>; <bugtraq () securityfocus com>;
<full-disclosure () lists netsys com>
Sent: Wednesday, July 14, 2004 3:20 PM
Subject: RE: [Full-disclosure] Re: IE Shell URI Download and Execute, POC


Once again, they are trying to patch the attack vector used instead of the
core IE problem itself (which is directly related to it being tied into
the
OS level). I was once very pro-microsoft SMS Admin for my company but it
is
getting out of hand.

If you patch a hole, instead of a vector, then L33tPrincess wouldn't be
able
to add a couple of lines to the code and change the vector to make the
exploit workable in like 10 mins.

It is like they are throwing the media and the mass public trash "fix" to
make them happy while people like us shake our heads at what the public
doesn't know. The multiple patches for the same problem with different MS
numbers, it is a sad thing.

-----Original Message-----
From: Ferruh Mavituna [mailto:ferruh () mavituna com]
Sent: Wednesday, July 14, 2004 1:15 PM
To: 'Todd Towles'; 'L33tPrincess'; bugtraq () securityfocus com;
full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Re: IE Shell URI Download and Execute, POC

The fun is MS says we fixed "shell" but it's still active for me.

Ferruh.Mavituna
http://ferruh.mavituna.com
PGPKey : http://ferruh.mavituna.com/PGPKey.asc

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-
admin () lists netsys com] On Behalf Of Todd Towles
Sent: Wednesday, July 14, 2004 6:18 PM
To: 'L33tPrincess'; bugtraq () securityfocus com; full-
disclosure () lists netsys com
Subject: RE: [Full-disclosure] Re: IE Shell URI Download and Execute,
POC

Depends on how Microsoft fixed IE. If they did the same thing as the
ADODB
patch from last week and just focused on the Shell.Application variant
instead of the code IE problem, then it won't stop this WSH variant by
L33tPrincess. Which I must say is a sweet name. =)





-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-
admin () lists netsys com] On Behalf Of L33tPrincess
Sent: Tuesday, July 13, 2004 9:34 PM
To: bugtraq () securityfocus com; full-disclosure () lists netsys com
Subject: [Full-disclosure] Re: IE Shell URI Download and Execute, POC



Ferruh,

Is this a new variant (wscript.shell)?  Is the vulnerability mitigated
by
today's Microsoft patch?







Hello;

Code is based on http://www.securityfocus.com/archive/1/367878 (POC by
Jelmer) message. I just added a new feature "download" and then execute
application. Also I use Wscript.Shell in Javascript instead of
Shell.Application.

________________________________

Do you Yahoo!?
New and Improved Yahoo! Mail

<http://us.rd.yahoo.com/mail_us/taglines/100/*http:/promotions.yahoo.com/n
ew_mail/static/efficiency.html>  - 100MB free storage!




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]