Message-ID: <20040331083123.15713.qmail@www.securityfocus.com>
Date: 31 Mar 2004 08:31:23 -0000
From: roozbeh afrasiabi <roozbeh_afrasiabi@...oo.com>
To: bugtraq@...urityfocus.com
Subject: Re: IE ms-its: and mk:@MSITStore: vulnerability


In-Reply-To: <BAY17-F16uCddQiqWcB0001d6bb@...mail.com>

>What, exactly, is new about this?

I did my best to explain this with different PoCs and by giving a lot of detail, but it seems I failed to address this well. The fact that Internet Explorer can access CHM files using the two p-handlers when Help has been initiated is new, the fact that some local resources can be used is also new, and execution of programs on the local machine is not done the old way.
To realize this better, try testing the PoCs by removing the line that opens Help; what you will find out is that the script won't be able to run correctly and no programs will be run.

The PoCs I have used in combination with mine were selected from those I thought would be detected by scanners, so it won't be possible for people to simply use them. I have given enough info between the lines for experienced readers too.


>and the second bit like something Arman Nayyeri posted [2]
If I am not mistaken, his PoC could only run Winamp if it had been installed in some known location, while the changes I have made to it give it the ability to run any program whose MUICACHE name is known.


>The PoCs in section b) through g) appear to be implementations of the above. And the PoC in section h) seems related to Cert Advisory VU#489721 [3]

These were only included for the reader's better understanding and to prove the fact that other programs (MS products) which use Internet Explorer for opening HTML files can be exploited too (God, I am giving you clues).