Date: Mon, 10 Nov 2003 18:35:20 +0300
From: 3APA3A <3APA3A@...URITY.NNOV.RU>
To: Liu Die Yu <liudieyuinchina@...oo.com.cn>
Cc: bugtraq@...urityfocus.com
Subject: Re: IE: double slash moves cache from INTERNET zone to MYCOMPUTER zone


Dear Liu Die Yu,

In  my  case  (XPSP1  + IE6SP1 + all hotfixes) it doesn't work. Probably
it's older bug (same thing was with \\.\Drive:\)

--Wednesday, November 5, 2003, 1:31:53 PM, you wrote to bugtraq@...urityfocus.com:



LDY> double slash moves cache from INTERNET zone to MYCOMPUTER zone
LDY> ("that's all" is the end of file if you are in a hurry)

LDY> [tested]
LDY> OS:WinXp
LDY> Microsoft Internet Explorer v6.Sp1; up-to-date on 2003/10/30

LDY> [technical detail]
LDY> copy an EXE file to your cache directory:
LDY> [SysDrive]:\Documents and Settings\[user_name]\Local Settings\Temporary Internet Files\Content.IE5\EXE.EXE
LDY> then try to use CODEBASE trick to execute that file (refer to http://continue.to/trie --> "codebase local path"), you'll get an error message.
LDY> however set CODEBASE to:
LDY> [SysDrive]:\\Documents and Settings\[user_name]\Local Settings\Temporary Internet Files\Content.IE5\EXE.EXE
LDY> (double slash after [SysDrive])
LDY> EXE.EXE in cache directory will be executed.

LDY> conclusion:
LDY> [SysDrive]:\Documents and Settings\[user_name]\Local Settings\Temporary Internet Files\Content.IE5\
LDY> is treated in INTERNET zone.
LDY> but
LDY> [SysDrive]:\\Documents and Settings\[user_name]\Local Settings\Temporary Internet Files\Content.IE5\
LDY> is treated in MYCOMPUTER zone.

LDY> that's all.

LDY> of course, it's added to "Unpatched IE Bugs" list maintained by me. here: http://continue.to/trie



LDY> [greeting]
LDY> greetings to:
LDY> the Pull, dror, guninski and mkill.

LDY> -----
LDY> all mentioned resources can always be found at UMBRELLA.MX.TC

LDY> [contact]
LDY> UMBRELLA.MX.TC ==> How to contact "Liu Die Yu"


-- 
~/ZARAZA
Пока вы во власти провидения, вам не удастся умереть раньше срока. (Твен)

Powered by blists - more mailing lists