|
Vulnerability Development
mailing list archives
Re: help:// protocol in Windows XP Prof
From: "Bartosz Kwitkowski" <bartosz () wb pl>
Date: Sun, 11 Jul 2004 09:31:35 +0200
1. I have full patched Win XP
2.MS04-15 is for HCS -
http://www.microsoft.com/technet/security/bulletin/MS04-015.mspx
Vulnerability in Help and Support Center Could Allow Remote Code Execution
(840374)
i don't have any idea how could it patch thing with help:// protocol, and
the last thing - as i wrote, Microsoft says it is normal.
Best regards
Bartosz Kwitkowski
----- Original Message -----
From: "pingywon MCSE" <pingywon () gmail com>
To: "Bartosz Kwitkowski" <bartosz () wb pl>
Cc: <vuln-dev () securityfocus com>
Sent: Sunday, July 11, 2004 7:11 AM
Subject: Re: help:// protocol in Windows XP Prof
hate to be the one to break it to you guys but that was just patched
in ms04-15 by an exploit found by morning_wood.
www.illmob.org
On 6 Jul 2004 09:36:16 -0000, Bartosz Kwitkowski <bartosz () wb pl> wrote:
There is funny thing in Internet Explorer 6.0 - Windows XP Professional
(fully patched).
When you are writing address in IE you can replace http:// by help://
example:
http://wb.pl/bartosz = help://wb.pl/bartosz
and than hit <ENTER>... Page will open...
other...
help://www.securityfocus.com - looks funny, isn't? :-)
when IE opens page changes help:// to http://
BUT, BUT,
when you are create hyperlink <a href="help://wb.pl/bartosz">check</a>
it won't work - IE says syntax error...
I'm trying to exploit this...
Best regards,
Bartosz Kwitkowski
--
~pingywon MCSE
http://www.pingywon.com
 By Date 
By Thread
Current thread:
- RE: help:// protocol in Windows XP Prof, (continued)
|
Intro
