| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <000b01c469b5$b47e2720$2001010a@msad.brookshires.net> From: toddtowles at brookshires.com (Todd Towles) Subject: Re: IE Shell URI Download and Execute, POC Depends on how Microsoft fixed IE. If they did the same thing as the ADODB patch from last week and just focused on the Shell.Application variant instead of the code IE problem, then it won't stop this WSH variant by L33tPrincess. Which I must say is a sweet name. =) -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of L33tPrincess Sent: Tuesday, July 13, 2004 9:34 PM To: bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com Subject: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC Ferruh, Is this a new variant (wscript.shell)? Is the vulnerability mitigated by today's Microsoft patch? Hello; Code is based on http://www.securityfocus.com/archive/1/367878 (POC by Jelmer) message. I just added a new feature "download" and then execute application. Also I use Wscript.Shell in Javascript instead of Shell.Application. _____ Do you Yahoo!? New <http://us.rd.yahoo.com/mail_us/taglines/100/*http:/promotions.yahoo.com/new _mail/static/efficiency.html> and Improved Yahoo! Mail - 100MB free storage! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040714/40b97643/attachment.html
Powered by blists - more mailing lists