lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <8B32EDC90D8F4E4AB40918883281874D523157@pivxwin2k1.secnet.pivx.com>
From: thor at pivx.com (Thor Larholm)
Subject: IE exploit going around on irc

I'm sorry, I thought you were already aware of the text/x-scriptlet
object variation of Ibiza which was exploited in the wild before Ibiza
was even discussed on Bugtraq - I assumed you would catch my reference
to this. Either way, this is still the ms-its/ms-itss CHM issue
regardless of how you trigger it.

My bad, I will elaborate further in the future so we can avoid
discussing semantics.



Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor@...x.com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net> 
-----Original Message-----
From: Jelmer [mailto:jkuperus@...net.nl] 
Sent: Tuesday, April 06, 2004 2:05 PM
To: Thor Larholm; David Jacoby; full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] IE exploit going around on irc


> What Niek forwarded is using the Ibiza CHM exploit that deals with 
> improper privileges gained through the ms-its/ms-itss URL protocol 
> handlers which is still unpatched.


Bzzzzt wrong

It's a variation of the ibiza exploit, the ibiza exploit didn't work on
XP SP1,  I know so because I checked at the time and yes this variation
is still unpatched



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ