Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV

tlarholm_at_PIVX.COM
Date: 01/02/04

  • Next message: A.Denter: "Free Buffer Overflow Protection Software for Windows 2000/XP/2003 Systems" 
    Date:         Fri, 2 Jan 2004 12:20:19 -0800
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Naturally, this only works from a local security zone such as the My
    Computer zone. You cannot exploit the Shell.Application object from the
    Internet Zone where you get an explanatory "Permission Denied" error.

    This eases the process of abusing local security zone privileges but
    does not change the fact that you could already download and execute
    files when inside a local security zone. If you want to "exploit" this
    from the Internet Zone you still need to rely on yet another
    cross-domain vulnerability as well as a local file loading vulnerability
    to gain access to the My Computer zone, where you could already use
    ADODB and codeBase to execute files.

    One more way to do the same, but definitely a more explanatory and
    simplistic approach ;)

    Naturally, locking down the My Computer zone prevents this exploit from
    working - personally, I would recommend installing Qwik-Fix and forget
    about command execution vulnerabilities in IE :)

    Regards

    Thor Larholm
    Senior Security Researcher
    PivX Solutions
    24 Corporate Plaza #180
    Newport Beach, CA 92660
    http://www.pivx.com
    thor@pivx.com
    949-231-8496

    PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
    Qwik-Fix <http://www.qwik-fix.net>

    -----Original Message-----
    From: http-equiv@excite.com [mailto:1@malware.com]
    Sent: Thursday, January 01, 2004 2:43 PM
    To: bugtraq@securityfocus.com
    Cc: NTBugtraq@listserv.ntbugtraq.com
    Subject: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV

    <snip
    http://www.securityfocus.com/archive/1/348688/2003-12-30/2004-01-05/0>
    <snip http://tinyurl.com/29bga>

    -----
    Editor's Note: The 43rd Most Powerful Person in Networking says...

    Marcus Ranum's new book "The Myth of Homeland Security" is now out and is available from http://www.amazon.com/ranum In this hard-hitting review of the homeland security business, Ranum shows us how the problem is vastly harder than it's being made to sound, and how special interests, *** covering, and bureaucracy are threatening to derail any chance of making progress.
    -----

  • Next message: A.Denter: "Free Buffer Overflow Protection Software for Windows 2000/XP/2003 Systems"
    • Quantcast