Open Source and information security mailing list archives
 
Message-ID: <3F86B222.3010603@jmu.edu>
From: flynngn at jmu.edu (Gary Flynn)
Subject: Internet Explorer (BAN IT !!!)


jelmer wrote:

> just looked at it, the authors messed up, so no it shouldn't work, it
> doesn't work here
> 
> they didn't get that error.jsp is a java server page (something roughly
> equivalent to asp and php) that sets the response code to something that
> triggers the res file to be loaded

The exploit worked fine here on an XP Home machine with all patches
and the latest version of I.E. I changed the executable that ran to
ipconfig.exe so I knew what would be running on my computer. I could
see the window open, saw the output of ipconfig.exe flash by, and
the wmplayer.exe file was replaced by the contents of ipconfig.exe.

If the IE configuration was changed to disallow opening content in
the media bar, then the error.jsp page was called which resulted
in a 404. I cannot say for certain that ipconfig.exe did not run but
I didn't see it and the wmplayer.exe file was unchanged. Similar results
were seen logging in as a non-administrator user account.

The I.E. configuration change is shown here:
http://www.jmu.edu/computing/security/info/iebug.shtml

I am not familiar enough with the exploit mechanisms to
determine how effective this is but I suspect not very
except against the script kiddies that will cut and paste
the posted exploit.

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

