[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <005d01c28a24$63febd90$858370d4@thor2k>
From: lists.netsys.com at jscript.dk (Thor Larholm)
Subject: ZDnet forum: IE formatting local drive
It's a copy of the advisory from Sandblad, with a few bits changed.
http://online.securityfocus.com/archive/1/298924/2002-11-02/2002-11-08/1
http://online.securityfocus.com/archive/1/299094/2002-11-02/2002-11-08/1
http://online.securityfocus.com/archive/1/299330/2002-11-09/2002-11-15/1
http://online.securityfocus.com/archive/1/299230/2002-11-09/2002-11-15/1
Why is this even surprising people? For ages, you have been able to plant a
file on the users machine, locate its location, jump to a local security
zone and then execute the file. Sure, you skip 2 steps by using the HTMLHelp
Control, but the impact is the same - running arbitrary code.
Regards
Thor Larholm, Security Researcher
PivX Solutions, LLC
Are You Secure?
http://www.PivX.com
----- Original Message -----
From: "Alan Rouse" <ARouse@...b.com>
To: <Full-Disclosure@...ts.netsys.com>
Sent: Monday, November 11, 2002 7:29 PM
Subject: [Full-Disclosure] ZDnet forum: IE formatting local drive
> Format a local drive by visiting a URL from a fully patched Windows / IE
> platform. This appeared last night:
>
> http://forums.zdnet.com/group/zd.Security.Virus.Alerts/community/communi
> ty.tpt/@...ead@...85@F@1@D-,D@.../@...icle@...k@...85?EXP=ALL&VWM=&ROS=&
> OC=75
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists