lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: lists.netsys.com at jscript.dk (Thor Larholm) Subject: ZDnet forum: IE formatting local drive It's a copy of the advisory from Sandblad, with a few bits changed. http://online.securityfocus.com/archive/1/298924/2002-11-02/2002-11-08/1 http://online.securityfocus.com/archive/1/299094/2002-11-02/2002-11-08/1 http://online.securityfocus.com/archive/1/299330/2002-11-09/2002-11-15/1 http://online.securityfocus.com/archive/1/299230/2002-11-09/2002-11-15/1 Why is this even surprising people? For ages, you have been able to plant a file on the users machine, locate its location, jump to a local security zone and then execute the file. Sure, you skip 2 steps by using the HTMLHelp Control, but the impact is the same - running arbitrary code. Regards Thor Larholm, Security Researcher PivX Solutions, LLC Are You Secure? http://www.PivX.com ----- Original Message ----- From: "Alan Rouse" <ARouse@...b.com> To: <Full-Disclosure@...ts.netsys.com> Sent: Monday, November 11, 2002 7:29 PM Subject: [Full-Disclosure] ZDnet forum: IE formatting local drive > Format a local drive by visiting a URL from a fully patched Windows / IE > platform. This appeared last night: > > http://forums.zdnet.com/group/zd.Security.Virus.Alerts/community/communi > ty.tpt/@...ead@...85@F@1@D-,D@.../@...icle@...k@...85?EXP=ALL&VWM=&ROS=& > OC=75 > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists