Message-ID: <20040331083123.15713.qmail@www.securityfocus.com>
Date: 31 Mar 2004 08:31:23 -0000
From: roozbeh afrasiabi <roozbeh_afrasiabi@...oo.com>
To: bugtraq@...urityfocus.com
Subject: Re: IE ms-its: and mk:@MSITStore: vulnerability
In-Reply-To: <BAY17-F16uCddQiqWcB0001d6bb@...mail.com>
>What, exactly, is new about this?
I did my best to explain this with different PoCs and a lot of detail, but it seems I failed to address this well. The fact that Internet Explorer can access CHM files using the two p-handlers when Help has been initiated is new; the fact that some local resources can be used is also new; and execution of programs on the local machine is not done the old way.
To realize this better, try testing the PoCs by removing the line that opens Help; what you will find is that the script won't be able to run correctly and no programs will be run.
The PoCs I have used in combination with mine were selected from those I thought would be detected by scanners, so it won't be possible for people to simply use them. I have given enough info between the lines for experienced readers too.
>and the second bit like something Arman Nayyeri posted [2]
If I am not mistaken, his PoC could only run Winamp if it had been installed in some known location, while the changes I have made to it give it the ability to run any program whose MUICache name is known.
>The PoCs in sections b) through g) appear to be implementations of the above. And the PoC in section h) seems related to CERT Advisory VU#489721 [3]
These were only included for the reader's better understanding and to prove that other programs (MS products) which use Internet Explorer for opening HTML files can be exploited too (god, I am giving you clues).
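The thread turns on whether scanners pick up PoCs that reference the two protocol handlers named in the subject. The following is an added example, not code from the original post or from either correspondent, of the kind of content check a practitioner might run over HTML or script: it normalizes HTML entities and percent-encoding and then looks for the `ms-its:` and `mk:@MSITStore:` handler prefixes. The sample snippets are constructed here for illustration and are not the PoCs discussed in the thread.

```python
import html
import re
from urllib.parse import unquote

# Constructed sample snippets (not from the original post). They reference the
# two protocol handlers named in the thread subject in plain and lightly
# obfuscated forms, plus one benign control that must not be flagged.
SAMPLES = {
    "plain_msits": '<iframe src="ms-its:C:\\help.chm::/page.htm">',
    "plain_mk": '<object data="mk:@MSITStore:C:\\help.chm::/page.htm">',
    "case_and_entity": '<a href="MS-ITS&#58;foo">',
    "percent_encoded": "location='mk%3A%40MSITStore%3Ax'",
    "benign": '<a href="https://example.com/">ok</a>',
}

# Case-insensitive match on the two handler prefixes from the subject line.
HANDLER_RE = re.compile(r"(ms-its|mk:@msitstore):", re.IGNORECASE)


def normalize(text: str) -> str:
    """Undo HTML entity encoding, then percent-encoding, so that trivial
    encoding tricks do not hide the handler name from a substring check."""
    return unquote(html.unescape(text))


def find_handlers(text: str) -> list[str]:
    """Return the sorted, lower-cased handler prefixes found in `text`."""
    return sorted({m.group(1).lower() for m in HANDLER_RE.finditer(normalize(text))})


def scan(samples: dict[str, str]) -> dict[str, list[str]]:
    """Run find_handlers over every named sample and report the hits."""
    return {name: find_handlers(body) for name, body in samples.items()}


if __name__ == "__main__":
    for name, hits in scan(SAMPLES).items():
        print(f"{name:16s} -> {hits or 'clean'}")
```

This only catches the two prefixes after one layer of entity and percent decoding; a string built at runtime by script concatenation will not match, which is the limitation the post alludes to when it says the PoCs were chosen to be the ones scanners would see.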