RE: [Full-Disclosure] Re: Six Step IE Remote Compromise Cache Attack

From: Michael Evanchik (mike_at_alanpickel.com)
Date: 11/14/03

  • Next message: Adam Laurie: "[Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data"
    To: "Erwin Paternotte" <e.paternotte@itsec-ss.nl>, <full-disclosure@lists.netsys.com>
    Date: Fri, 14 Nov 2003 13:14:10 -0500
    
    

    yes as i said at the top microsoft quickly patched it. The least they can do with their track record.
     
    Mike
    ________________________________

    From: Erwin Paternotte [mailto:e.paternotte@itsec-ss.nl]
    Sent: Fri 11/14/2003 10:56 AM
    To: Michael Evanchik
    Cc: liudieyuinchina@yahoo.com.cn
    Subject: Re: [Full-Disclosure] Re: Six Step IE Remote Compromise Cache Attack
             

    Michael Evanchik wrote:

    > 1) take out the function name and brackets and all code below
    > </script> in default.htm and save to make the start automatic
    > 2) open MHT-ldy.mht and open it in notepad.
    > 3) edit the 2 links for the .exe and the shell.htm (read step 4 on how
    > that file is created) file 4o be the exact location of your exe and
    > shell.htm on the server your hosting the pages(most likely you will
    > need full access to the server and freehosts wont work)
    > 5) change the base64 exe code to your own in MHT-ldy.mht and save
    > 6) save it as shell.htm to the same location you have noted in MHT-ldy.mht
    > 7) of course delete all the alert command lines in ScriptBodyJsp.asp
    >
    Hi,
    I've tested your modifications as described above on a fully patched
    Windows 2000 and IE. It seems the first step of the Six Step is blocked
    by the cumulative patch included with MS03-048. I'm not sure if this is
    due to the modifications you made or if this is the same for the
    original Six Step. Do you know which of the vulnerabilities described in
    MS03-048 are the same as the steps of the Six Step and are fixed by this
    MS bulletin?

    Thanks in advance for your time.

    Regards,

    Erwin.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Adam Laurie: "[Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data"

    Relevant Pages