lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200407141812.i6EIC7u12498@netsys.com>
Date: Wed, 14 Jul 2004 21:15:02 +0300
From: "Ferruh Mavituna" <ferruh@...ituna.com>
To: "'Todd Towles'" <toddtowles@...okshires.com>,
   "'L33tPrincess'" <l33tprincess@...oo.com>, <bugtraq@...urityfocus.com>,
   <full-disclosure@...ts.netsys.com>
Subject: RE: Re: IE Shell URI Download and Execute, POC


The fun is MS says we fixed "shell" but it's still active for me.

Ferruh.Mavituna
http://ferruh.mavituna.com
PGPKey : http://ferruh.mavituna.com/PGPKey.asc

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-
> admin@...ts.netsys.com] On Behalf Of Todd Towles
> Sent: Wednesday, July 14, 2004 6:18 PM
> To: 'L33tPrincess'; bugtraq@...urityfocus.com; full-
> disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
> 
> Depends on how Microsoft fixed IE. If they did the same thing as the ADODB
> patch from last week and just focused on the Shell.Application variant
> instead of the code IE problem, then it won't stop this WSH variant by
> L33tPrincess. Which I must say is a sweet name. =)
> 
> 
> 
> 
> 
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-
> admin@...ts.netsys.com] On Behalf Of L33tPrincess
> Sent: Tuesday, July 13, 2004 9:34 PM
> To: bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
> 
> 
> 
> Ferruh,
> 
> Is this a new variant (wscript.shell)?  Is the vulnerability mitigated by
> today's Microsoft patch?
> 
> 
> 
> 
> 
> 
> 
> Hello;
> 
> Code is based on http://www.securityfocus.com/archive/1/367878 (POC by
> Jelmer) message. I just added a new feature "download" and then execute
> application. Also I use Wscript.Shell in Javascript instead of
> Shell.Application.
> 
> ________________________________
> 
> Do you Yahoo!?
> New and Improved Yahoo! Mail
> <http://us.rd.yahoo.com/mail_us/taglines/100/*http:/promotions.yahoo.com/n
> ew_mail/static/efficiency.html>  - 100MB free storage!


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ