lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: tlarholm at pivx.com (tlarholm@...x.com) Subject: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV Naturally, this only works from a local security zone such as the My Computer zone. You cannot exploit the Shell.Application object from the Internet Zone where you get an explanatory "Permission Denied" error. This eases the process of abusing local security zone privileges but does not change that you could already download and execute files when inside a local security zone. If you want to "exploit" this from the Internet Zone you still need to rely on yet another cross-domain vulnerability to gain access to the My Computer zone where you could already use ADODB and codeBase to execute files. One more way to do the same, but definitely a more explanatory and simplistic approach ;) Naturally, locking down the My Computer zone prevents this exploit from working - personally, I would recommend installing Qwik-Fix and forget about command execution vulnerabilities in IE :) Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor@...x.com 949-231-8496 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net> -----Original Message----- From: http-equiv@...ite.com [mailto:1@...ware.com] Sent: Thursday, January 01, 2004 2:42 PM To: full-disclosure@...ts.netsys.com Subject: [Full-Disclosure] Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV <snip http://lists.netsys.com/pipermail/full-disclosure/2004-January/015144.ht ml>
Powered by blists - more mailing lists