[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200402101728.i1AHSUcA017333@web174.megawebservers.com>
Date: Tue, 10 Feb 2004 17:28:30 -0000
From: "http-equiv@...ite.com" <1@...ware.com>
To: <bugtraq@...urityfocus.com>
Cc: <NTBugtraq@...tserv.ntbugtraq.com>
Subject: Re: Possible new cross zone scripting in IE
<!--
Cheng Peng Su Wrote:
<a href="shell:My Music"
-->
Excellent ! The revival of the Pull's shell game:
"directoryInfo.html", ie the "file://::{CLSID}"
[see: http://www.securityfocus.com/bid/3867/]
The following on this so-called Microsoft Windows XP machine:
Control Panel
Administrative Tools
Cache
CD Burning
Cookies
Desktop
Favorites
Fonts
History
Application Data
Local Settings
My Music
My Pictures
My Video
NetHood
Personal [my documents]
PrintHood
Programs
Recent
SendTo
Start Menu
Startup
Templates
http://www.malware.com/shell.game.html
"Cache" can be very interesting
--
http://www.malware.com
Powered by blists - more mailing lists