RE: [Full-Disclosure] What about M$ in the shell: race

http-equiv_at_excite.com
Date: 07/10/04

  • Next message: bipin gautam: "Re: [Full-Disclosure] Microsoft Faces Angry IE Users' Questions"
    To: <full-disclosure@lists.netsys.com>
    Date: Sat, 10 Jul 2004 16:42:03 -0000
    
    

    <!--

    Every bit of real testing I've seen shows this is not a real
    vulnerability in IE.

     -->

    surely you jest.

    It is the Key to the Kingdom. To quote the original finder, way
    back in June of 2003:

    "allows remote attacker to traverse "Shell Folders" directories.
    A remote attacker is able to gain access to the path of the %
    USERPROFILE% folder without guessing a target user name by this
    vulnerability."

    shell:desktop

    "C:\Documents and Settings\%USERNAME%\Desktop"

    Perhaps you missed these "real" tests:

    http://poc.homedns.org/execute.htm
    http://62.131.86.111/security/idiots/malware2k/installer.htm

    or maybe you didn't.

    -- 
    http://www.malware.com
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    

  • Next message: bipin gautam: "Re: [Full-Disclosure] Microsoft Faces Angry IE Users' Questions"

    Relevant Pages