1. I have full patched Win XP
2.MS04-15 is for HCS -
http://www.microsoft.com/technet/security/bulletin/MS04-015.mspx
Vulnerability in Help and Support Center Could Allow Remote Code Execution
(840374)
i don't have any idea how could it patch thing with help:// protocol, and
the last thing - as i wrote, Microsoft says it is normal.
Best regards
Bartosz Kwitkowski
----- Original Message -----
From: "pingywon MCSE" <pingywon_at_gmail.com>
To: "Bartosz Kwitkowski" <bartosz_at_wb.pl>
Cc: <vuln-dev_at_securityfocus.com>
Sent: Sunday, July 11, 2004 7:11 AM
Subject: Re: help:// protocol in Windows XP Prof
> hate to be the one to break it to you guys but that was just patched
> in ms04-15 by an exploit found by morning_wood.
>
> www.illmob.org
>
> On 6 Jul 2004 09:36:16 -0000, Bartosz Kwitkowski <bartosz_at_wb.pl> wrote:
> >
> >
> > There is funny thing in Internet Explorer 6.0 - Windows XP Professional
(fully patched).
> >
> > When you are writing address in IE you can replace http:// by help://
> >
> > example:
> >
> > http://wb.pl/bartosz = help://wb.pl/bartosz
> >
> > and than hit <ENTER>... Page will open...
> >
> > other...
> >
> > help://www.securityfocus.com - looks funny, isn't? :-)
> >
> > when IE opens page changes help:// to http://
> >
> > BUT, BUT,
> >
> > when you are create hyperlink check
> >
> > it won't work - IE says syntax error...
> >
> > I'm trying to exploit this...
> >
> > Best regards,
> > Bartosz Kwitkowski
> >
> >
>
>
> --
>
>
> ~pingywon MCSE
> http://www.pingywon.com
>
>
Received on Jul 12 2004
Intro
