From: lise_moorveld at (Lise Moorveld)
Subject: IE exploit going around on irc


What I find interesting is that SecurityFocus links the "IE ms-its: and 
mk:@MSITStore: vulnerability" paper by Roozbeh Afrasiabi ( ) to the "Microsoft Internet 
Explorer Unspecified CHM File Processing Arbitrary Code Execution 
Vulnerability (bid 9658)" posting by K-otic ( ).
They do this in BID 9658 ( ).

I think SecurityFocus got this wrong...

The issue referred to by K-otic is the exploit where you use a non-existent 
mht file and an exclamation mark like so:
also described in CERT advisory VU#323070 ( )
and CVE ID: CAN-2004-0380

... Roozbeh Afrasiabi doesn't use this construction anywhere in his paper... 
  what he DOES use, however (amongst others), is the directory-traversal 
style thingy:
Now, I don't claim to fully grasp the Roozbeh paper either, but he does make 
a reference to Arman Nayyeri, and what I think is the following post: "IE 
5.x-6.0 allows executing arbitrary programs using showHelp()" ( )
Oh, and Nayyeri claims Jelmer helped him with this, so Jelmer might be able 
to shed some light :)

To return to this thread, the original posting by Niek Baakman mentions the 
exclamation mark issue

And in a reply, Thor refers to the directory traversal-style issue (or at 
least the Roozbeh paper):

Anyway, do you guys think I'm right in thinking these are separate issues?


