Re: HijackClick 3

From: Drew Copley (dcopley_at_EEYE.COM)
Date: 07/13/04

  • Next message: Russ: "MinorRev: Microsoft Security Bulletin MS04-024 - Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)"
    Date:         Tue, 13 Jul 2004 12:00:46 -0700
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

     

    > -----Original Message-----
    > From: Thor Larholm [mailto:tlarholm@pivx.com]
    > Sent: Tuesday, July 13, 2004 11:04 AM
    > To: Windows NTBugtraq Mailing List
    > Cc: Drew Copley
    > Subject: RE: HijackClick 3
    >
    > > From: Drew Copley
    > > In fact, I don't think there has been a bug in about ten
    > > months (coincidentally) that does not rely on either Jelmer's
    > > adodb bug or your shell.application bug.
    >
    > I'm sorry, but did everybody suddenly forget about codeBase command
    > execution? Use a non-existant GUID for your OBJECT's classid and point
    > the codeBase attribute to the executable you want launched.

    You can not pass parameters to the command line app.

    You can run calc.exe or whatever, sure, but that is just a toy.

    If you are aware of an open bug that allows this to be
    exploited to run code of an attacker's choice, let me know.

    (Not to mention that they have long since restricted the object
    tag.)

    I am surprised no one can name such a bug. I don't even involve
    IE in my job much.

    Ten months... to be specific, actually, it is longer. Since last
    August. Almost a year. Surely, I am wrong.

    I guess Brett Moore's just released bug breaks this. Though,
    it might be said Jouko's Outlook issue did. Two seasoned
    professionals.

    Anyway, someone correct me here.

    <snip>

    -----
    NTBugtraq Editor's Note:

    Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
    -----


  • Next message: Russ: "MinorRev: Microsoft Security Bulletin MS04-024 - Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)"

    Relevant Pages

    • Re: [off topic]Strange Behaviour -- adding printf change the progra execution
      ... i just simply adding few debug like below and it changes program ... and a corresponding delay in the execution of other ... The problem is, if you've got a bug in your code, it has a pretty good ... source code, making it harder to detect the real defect. ...
      (comp.lang.c)
    • [Full-disclosure] CVE-2013-4788 - Eglibc PTR MANGLE bug
      ... This bug was discovered in March 2013 while we were developing the RAF SSP ... is always zero) of the "pointer guard" by the glibc only when generating ... longjmpis called and the execution flow is redirected to attacker ... The goal of the protection technique is not ...
      (Full-Disclosure)
    • CVE-2013-4788 - Eglibc PTR MANGLE bug
      ... This bug was discovered in March 2013 while we were developing the RAF SSP ... is always zero) of the "pointer guard" by the glibc only when generating ... longjmpis called and the execution flow is redirected to attacker ... The goal of the protection technique is not ...
      (Bugtraq)
    • Addendum Re: Internet Explorer Pop-Up OBJECT Tag Bug
      ... adding an addendum about the bug which Dave ... able to control the execution of software). ... Download unsigned Activex controls - Disable ... Safe for Scripting - Disable ...
      (Bugtraq)
    • Re: Switch statement help
      ... Also remember a very annoying cross-language bug in switch ... It's like having to put break after each function body so execution ... function bar() { ... maybe to have a flag to "continue" execution of underlaying branches - ...
      (comp.lang.javascript)