Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Internet Explorer 0day exploit

Internet Explorer 0day exploit

From: Thor Larholm <seclists_at_larholm.com>
Date: Tue, 10 Jul 2007 07:09:23 +0200

There is a URL protocol handler command injection vulnerability in
Internet Explorer for Windows that allows you to execute shell commands
with arbitrary arguments. This vulnerability can be triggered without
user interaction simply by visiting a webpage.

When Internet Explorer encounters a reference to content inside a
registered URL protocol handler scheme it calls ShellExecute with the
EXE image path and passes the entire request URI without any input
validation. For the sake of demonstration I have constructed an exploit
that bounces through Firefox via the FirefoxURL protocol handler. The
full advisory and a working Proof of Concept exploit can be found at

http://larholm.com/2007/07/10/internet-explorer-0day-exploit/

Cheers
Thor Larholm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Jul 09 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]