RE: [Full-Disclosure] What about M$ in the shell: race
http-equiv_at_excite.com
Date: 07/10/04
- Previous message: Larry Seltzer: "RE: [Full-Disclosure] What about M$ in the shell: race"
- Maybe in reply to: Perrymon, Josh L.: "[Full-Disclosure] What about M$ in the shell: race"
- Next in thread: Larry Seltzer: "RE: [Full-Disclosure] What about M$ in the shell: race"
- Reply: Larry Seltzer: "RE: [Full-Disclosure] What about M$ in the shell: race"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <full-disclosure@lists.netsys.com> Date: Sat, 10 Jul 2004 16:42:03 -0000
<!--
Every bit of real testing I've seen shows this is not a real
vulnerability in IE.
-->
surely you jest.
It is the Key to the Kingdom. To quote the original finder, way
back in June of 2003:
"allows remote attacker to traverse "Shell Folders" directories.
A remote attacker is able to gain access to the path of the %
USERPROFILE% folder without guessing a target user name by this
vulnerability."
shell:desktop
"C:\Documents and Settings\%USERNAME%\Desktop"
Perhaps you missed these "real" tests:
http://poc.homedns.org/execute.htm
http://62.131.86.111/security/idiots/malware2k/installer.htm
or maybe you didn't.
-- http://www.malware.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Larry Seltzer: "RE: [Full-Disclosure] What about M$ in the shell: race"
- Maybe in reply to: Perrymon, Josh L.: "[Full-Disclosure] What about M$ in the shell: race"
- Next in thread: Larry Seltzer: "RE: [Full-Disclosure] What about M$ in the shell: race"
- Reply: Larry Seltzer: "RE: [Full-Disclosure] What about M$ in the shell: race"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
