Open Source and information security mailing list archives
 
From: mike at alanpickel.com (Michael Evanchik)
Subject: Re: Six Step IE Remote Compromise Cache Attack

Yes, as I said at the top, Microsoft quickly patched it.  The least they can do with their track record.
 
Mike
________________________________

From: Erwin Paternotte [mailto:e.paternotte@...ec-ss.nl]
Sent: Fri 11/14/2003 10:56 AM
To: Michael Evanchik
Cc: liudieyuinchina@...oo.com.cn
Subject: Re: [Full-Disclosure] Re: Six Step IE Remote Compromise Cache Attack

Michael Evanchik wrote:

> 1) take out the function name and brackets and all code below
> </script> in default.htm and save to make the start automatic
> 2) open MHT-ldy.mht and open it in notepad.
> 3) edit the 2 links for the .exe and the shell.htm (read step 4 on how
> that file is created) file to be the exact location of your exe and
> shell.htm on the server you're hosting the pages (most likely you will
> need full access to the server and free hosts won't work)
> 5) change the base64 exe code to your own in MHT-ldy.mht and save
> 6) save it as shell.htm to the same location you have noted in MHT-ldy.mht
> 7) of course delete all the alert command lines in ScriptBodyJsp.asp
>
Hi,
I've tested your modifications as described above on a fully patched
Windows 2000 and IE. It seems the first step of the Six Step is blocked
by the cumulative patch included with MS03-048. I'm not sure if this is
due to the modifications you made or if this is the same for the
original Six Step. Do you know which of the vulnerabilities described in
MS03-048 are the same as the steps of the Six Step and are fixed by this
MS bulletin?

Thanks in advance for your time.

Regards,

Erwin.


