Naturally, this only works from a local security zone such as the My
Computer zone. You cannot exploit the Shell.Application object from the
Internet Zone where you get an explanatory "Permission Denied" error.
This eases the process of abusing local security zone privileges but
does not change that you could already download and execute files when
inside a local security zone. If you want to "exploit" this from the
Internet Zone you still need to rely on yet another cross-domain
vulnerability to gain access to the My Computer zone where you could
already use ADODB and codeBase to execute files.
One more way to do the same, but definitely a more explanatory and
simplistic approach ;)
Naturally, locking down the My Computer zone prevents this exploit from
working - personally, I would recommend installing Qwik-Fix and forget
about command execution vulnerabilities in IE :)
Regards
Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor_at_pivx.com
949-231-8496
PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net>
-----Original Message-----
From: http-equiv_at_excite.com [mailto:1_at_malware.com]
Sent: Thursday, January 01, 2004 2:42 PM
To: full-disclosure_at_lists.netsys.com
Subject: [Full-disclosure] Self-Executing HTML: Internet Explorer 5.5
and 6.0 Part IV
<snip
http://lists.netsys.com/pipermail/full-disclosure/2004-January/015144.ht
ml>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Jan 02 2004
Intro
