[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <001401c39e38$852334a0$3200000a@pluto>
From: jkuperus at planet.nl (jelmer)
Subject: Re: Internet Explorer and Opera local zone
restriction bypass
I tried that and as I expected that doesn't work , it just prompts for
download.if you redirect to that file
I think your confused with the object-tag-in-localzone type of
vulnerabilities we had a while back, you could execute programs without
parameters with that. but thats nothing like this, or should I perhaps write
*NOTHING LIKE THIS!!!* ? as you seem to prefer caps, This vulnerability only
removes the restrictions that servicepack 1 brought, in disallowing access
to local urls
--jelmer
----- Original Message -----
From: "Bipin Gautam" <door_hUNT3R@...ckcodemail.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Wednesday, October 29, 2003 3:29 PM
Subject: [Full-Disclosure] Re: Internet Explorer and Opera local zone
restriction bypass
> try this ...
>
> its dam strange to see WINXP LOGOFF WITHOUT ASKING MY PERMISSION
>
> file://c:\windows\system32\logoff.exe
>
>
>
> _____________________________________________________________
> Secure mail ---> http://www.blackcode.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists