Yup.
I get the same thing with IE on XP. The shell: command will open about any
.exe or other file. However, it will not work without intervention from a
web page <A>shell:blah</A> so to speak.
But it could be used with a multi layered attack I believe.
JP
-----Original Message-----
From: Ferruh Mavituna
To: 'Perrymon, Josh L.'; vuln-dev_at_securityfocus.com
Sent: 7/9/2004 12:42 AM
Subject: RE: Shell:
I tested this in Firefox 0.9.1, and strangely it fires-up my hex editor
with
given application.
And in IE (Win2003) if I run it by myself it executes calc.exe or any
other
exe in any place with shell and directory traversal.
But when I try to link it from a webpage it doesn't work my computer
zone or
internet zone it opens file download dialog box.
Ferruh.Mavituna
http://ferruh.mavituna.com
PGPKey : http://ferruh.mavituna.com/PGPKey.asc
> -----Original Message-----
> From: Perrymon, Josh L. [mailto:PerrymonJ_at_bek.com]
> Sent: Thursday, July 08, 2004 6:41 PM
> To: vuln-dev_at_securityfocus.com
> Subject: Shell:
>
> What do you think about this in Mozilla OR IE?
>
> shell:windows\system32\cmd.exe
>
> I can't seem to pass any variables to it though because it bombs but
my
> syntax may be incorrect.
>
>
>
> Joshua Perrymon
> Sr. Network Security Consultant
> PGP Fingerprint
> 51B8 01AC E58B 9BFE D57D 8EF6 C0B2 DECF EC20 6021
>
> **********CONFIDENTIALITY NOTICE**********
> The information contained in this e-mail may be proprietary and/or
> privileged and is intended for the sole use of the individual or
> organization named above. If you are not the intended recipient or an
> authorized representative of the intended recipient, any review,
copying
> or distribution of this e-mail and its attachments, if any, is
prohibited.
> If you have received this e-mail in error, please notify the sender
> immediately by return e-mail and delete this message from your system.
>
>
Received on Jul 10 2004
Intro
