RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC

From: Ferruh Mavituna (ferruh_at_mavituna.com)
Date: 07/14/04

  • Next message: J.A. Terranson: "Re: [Full-Disclosure] SNMP Broadcasts"
    To: "'Todd Towles'" <toddtowles@brookshires.com>, "'L33tPrincess'" <l33tprincess@yahoo.com>, <bugtraq@securityfocus.com>, <full-disclosure@lists.netsys.com>
    Date: Wed, 14 Jul 2004 21:15:02 +0300
    
    

    The fun is MS says we fixed "shell" but it's still active for me.

    Ferruh.Mavituna
    http://ferruh.mavituna.com
    PGPKey : http://ferruh.mavituna.com/PGPKey.asc

    > -----Original Message-----
    > From: full-disclosure-admin@lists.netsys.com [mailto:full-disclosure-
    > admin@lists.netsys.com] On Behalf Of Todd Towles
    > Sent: Wednesday, July 14, 2004 6:18 PM
    > To: 'L33tPrincess'; bugtraq@securityfocus.com; full-
    > disclosure@lists.netsys.com
    > Subject: RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
    >
    > Depends on how Microsoft fixed IE. If they did the same thing as the ADODB
    > patch from last week and just focused on the Shell.Application variant
    > instead of the code IE problem, then it won't stop this WSH variant by
    > L33tPrincess. Which I must say is a sweet name. =)
    >
    >
    >
    >
    >
    > -----Original Message-----
    > From: full-disclosure-admin@lists.netsys.com [mailto:full-disclosure-
    > admin@lists.netsys.com] On Behalf Of L33tPrincess
    > Sent: Tuesday, July 13, 2004 9:34 PM
    > To: bugtraq@securityfocus.com; full-disclosure@lists.netsys.com
    > Subject: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
    >
    >
    >
    > Ferruh,
    >
    > Is this a new variant (wscript.shell)? Is the vulnerability mitigated by
    > today's Microsoft patch?
    >
    >
    >
    >
    >
    >
    >
    > Hello;
    >
    > Code is based on http://www.securityfocus.com/archive/1/367878 (POC by
    > Jelmer) message. I just added a new feature "download" and then execute
    > application. Also I use Wscript.Shell in Javascript instead of
    > Shell.Application.
    >
    > ________________________________
    >
    > Do you Yahoo!?
    > New and Improved Yahoo! Mail
    > <http://us.rd.yahoo.com/mail_us/taglines/100/*http:/promotions.yahoo.com/n
    > ew_mail/static/efficiency.html> - 100MB free storage!


  • Next message: J.A. Terranson: "Re: [Full-Disclosure] SNMP Broadcasts"

    Relevant Pages