lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <8B32EDC90D8F4E4AB40918883281874D273CA0@pivxwin2k1.secnet.pivx.com>
Date: Fri, 2 Jan 2004 12:20:19 -0800
From: <tlarholm@...x.com>
To: <1@...ware.com>, <bugtraq@...urityfocus.com>
Cc: <NTBugtraq@...tserv.ntbugtraq.com>
Subject: RE:  Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV


Naturally, this only works from a local security zone such as the My
Computer zone. You cannot exploit the Shell.Application object from the
Internet Zone where you get an explanatory "Permission Denied" error.

This eases the process of abusing local security zone privileges but
does not change the fact that you could already download and execute
files when inside a local security zone. If you want to "exploit" this
from the Internet Zone you still need to rely on yet another
cross-domain vulnerability as well as a local file loading vulnerability
to gain access to the My Computer zone, where you could already use
ADODB and codeBase to execute files.

One more way to do the same, but definitely a more explanatory and
simplistic approach ;)

Naturally, locking down the My Computer zone prevents this exploit from
working - personally, I would recommend installing Qwik-Fix and forget
about command execution vulnerabilities in IE :)


Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor@...x.com
949-231-8496

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix <http://www.qwik-fix.net> 

-----Original Message-----
From: http-equiv@...ite.com [mailto:1@...ware.com] 
Sent: Thursday, January 01, 2004 2:43 PM
To: bugtraq@...urityfocus.com
Cc: NTBugtraq@...tserv.ntbugtraq.com
Subject: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV

<snip
http://www.securityfocus.com/archive/1/348688/2003-12-30/2004-01-05/0>
<snip http://tinyurl.com/29bga>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ