Message-ID: <002201c469cf$2db415a0$2001010a@msad.brookshires.net>
Date: Wed, 14 Jul 2004 13:20:01 -0500
From: "Todd Towles" <toddtowles@...okshires.com>
To: "'Ferruh Mavituna'" <ferruh@...ituna.com>,
   "'L33tPrincess'" <l33tprincess@...oo.com>, <bugtraq@...urityfocus.com>,
   <full-disclosure@...ts.netsys.com>
Subject: RE: Re: IE Shell URI Download and Execute, POC


Once again, they are trying to patch the attack vector used instead of the
core IE problem itself (which is directly related to it being tied into the
OS level). I was once very pro-Microsoft SMS Admin for my company but it is
getting out of hand.

If you patch a hole, instead of a vector, then L33tPrincess wouldn't be able
to add a couple of lines to the code and change the vector to make the
exploit workable in like 10 mins.

It is like they are throwing the media and the mass public trash "fix" to
make them happy while people like us shake our heads at what the public
doesn't know. The multiple patches for the same problem with different MS
numbers, it is a sad thing.

-----Original Message-----
From: Ferruh Mavituna [mailto:ferruh@...ituna.com] 
Sent: Wednesday, July 14, 2004 1:15 PM
To: 'Todd Towles'; 'L33tPrincess'; bugtraq@...urityfocus.com;
full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC

The fun is MS says we fixed "shell" but it's still active for me.

Ferruh.Mavituna
http://ferruh.mavituna.com
PGPKey : http://ferruh.mavituna.com/PGPKey.asc

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-
> admin@...ts.netsys.com] On Behalf Of Todd Towles
> Sent: Wednesday, July 14, 2004 6:18 PM
> To: 'L33tPrincess'; bugtraq@...urityfocus.com; full-
> disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
> 
> Depends on how Microsoft fixed IE. If they did the same thing as the ADODB
> patch from last week and just focused on the Shell.Application variant
> instead of the code IE problem, then it won't stop this WSH variant by
> L33tPrincess. Which I must say is a sweet name. =)
> 
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-
> admin@...ts.netsys.com] On Behalf Of L33tPrincess
> Sent: Tuesday, July 13, 2004 9:34 PM
> To: bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
> 
> 
> 
> Ferruh,
> 
> Is this a new variant (wscript.shell)?  Is the vulnerability mitigated by
> today's Microsoft patch?
> 
> 
> Hello;
> 
> Code is based on http://www.securityfocus.com/archive/1/367878 (POC by
> Jelmer) message. I just added a new feature "download" and then execute
> application. Also I use Wscript.Shell in JavaScript instead of
> Shell.Application.
> 

