Full Disclosure mailing list archives
Re: Virus loading through ActiveX-Exploit [Fwd: George Bush sniper-rifle shot!]
From: "mikx" <mikx () mikx de>
Date: Tue, 7 Sep 2004 21:06:03 +0200
"Alla Bezroutchko" wrote:
> Also interesting that they don't use
> "a {behavior:url(#default#AnchorClick);}"
> in this exploit which seems to be an essential part of http-equiv's and
> mikx's exploits.
The key to all these exploits is drag'n'drop access to a local directory. Since WinXP SP2 it's not possible to use "shell:startup" as src for an iframe, but it's possible to circumvent this restriction by using the AnchorClick behavior.
mikx
