UPDATED: the insider exploit (= the latest IE 0day which involves SHOWMODALDIALOG)

From: Liu Die Yu (liudieyu_at_umbrella.name)
Date: 01/11/05

Date: 11 Jan 2005 16:32:04 -0000
To: bugtraq@securityfocus.com

The insider exploit (= the latest IE 0day involving SHOWMODALDIALOG) was verified to work on winxp-en-pro-sp1-ms04004 (MS04-004 = Q832894 = KB832894), but it does not work on winxp-en-pro-sp1-noextrapatch.

jelmer's exploit is not perfect: URLs are hardcoded, and JSP is not popular. So I made this PHP version for copy-and-play:
http://0daymon.org/monitor/insider/dir.zip

=====
I got it while preparing my collection of applicable IE 0day and related original posts:
http://0daymon.org/monitor/
That exploit doesn't work without that IE patch - quite weird, right?

And those phishers and their tech support are not as wise as the media describes:
1. They should have removed their code immediately after THE-INSIDER (RAFI from IS) published those URLs. But they still run their stuff to tell the whole world: "yes! we are criminals armed with 0day!"
2. At that time most home-user systems (= their targets) were not up to date, which means most of them didn't have MS04-004, required for the exploit to successfully compromise them.

First I test, then I post :-)))
