| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <OFCAB1992B.0128BADD-ON88256E68.0068AFD5-88256E68.006955FC@2roads.com> Date: Wed, 31 Mar 2004 11:10:31 -0800 From: mgotts@...ads.com To: roozbeh afrasiabi <roozbeh_afrasiabi@...oo.com> Cc: bugtraq@...urityfocus.com Subject: Re: new internet explorer exploit (was new worm) I might not be understanding this correctly. On a test machine, I clicked on the link provided. It does successfully copy "x.chm" file to c:\\ . But I then see the error message "This operation can only function within HTML help". Is the error message meaningless, and x.chm did it's thing. Or is the processing stopped unsuccessfully with a failure after x.chm was copied? Or is the error because x.chm is strictly a demonstration? Help me understand this. Thanks. roozbeh afrasiabi <roozbeh_afrasiabi@...oo.com> 03/31/2004 07:50 AM To bugtraq@...urityfocus.com cc Subject Re: new internet explorer exploit (was new worm) I have made little changes to the exploit jelmer coded,and now it can run any program with parameters on victim's system (executable's path or MUICACHE name must be known)it can download other files to victim's system ,it is also possible to run files using their bond programs( if 1001001.xls is placed on victim's system it will be opened using excel automaticlly god this ****). The exploit places a chm file (x.chm) on victim's c:\\ directory,everything else is done using this chm file, it has access to most programs on victim's system so it can do much more than a virus could do. cmd+dir: http://www.freewebs.com/roozbeh_afrasiabi/exc.htm ForwardSourceID:NT000819CE
Powered by blists - more mailing lists