Message-ID: <BAY17-F5Y3VeI4ks6AM00023ec7@hotmail.com>
From: lise_moorveld at hotmail.com (Lise Moorveld)
Subject: Yet another reason not to use IE!  Old news?

Hi,

>Just visited a well known site (Wired.com) and had a nice little piece of 
>code cause the page that I was reading to go blank – DNS error page.
>Here’s the offending code (parentheses instead of slashes to not cause AV 
>scanning issues) and thank God I wasn’t using XP:
>
>ms-its:c:((windows(Help(iexplore.chm::)iegetsrt.htm

Correct me if I'm wrong, but the only thing this bit of code does is open
a local file taken from a local CHM file.

Jelmer mentioned this bit of code in his recent analysis:
http://62.131.86.111/analysis.htm

Apparently, the trick is that it is opened in the Local Computer Zone and
that, if you know a cross-zone scripting vulnerability, you can inject
malicious scripting code into the local file and have it executed in the
security context of the Local Computer Zone.

So what would be really interesting is finding the code in the banner that
performs the cross-zone scripting.

Also, in the analysis of Jelmer, the local file is opened using the
Location: header. I'm not sure what it means if a banner can alter
headers? Would it mean the banner server is compromised?

Any ideas anyone?

-- Lise
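
Added example, not part of the original post: a defender-side scanner that finds CHM-protocol URLs of the form quoted above in page or banner markup and flags those pointing at a drive-letter path on the visitor's machine. The function names, the `its:` and `mk:@MSITStore:` schemes (the post only shows `ms-its:`) and the sample markup are assumptions added here.

```python
import html
import re
from urllib.parse import unquote

# URL schemes that Internet Explorer maps to the CHM (InfoTech storage) handler.
SCHEMES = r"(?:ms-its|its|mk:@MSITStore)"
# Layout: scheme ":" <path ending in .chm> "::" <page inside the CHM>
CHM_URL = re.compile(
    rf"(?<![\w-])(?P<scheme>{SCHEMES}):(?P<chm>[^\s\"'<>]*?\.chm)::(?P<page>[^\s\"'<>]*)",
    re.IGNORECASE,
)
LOCAL_DRIVE = re.compile(r"^[a-z]:[\\/]", re.IGNORECASE)

# Constructed sample markup (not from the post): one percent-encoded local
# reference and one relative reference.
SAMPLE = (
    '<a href="ms-its:c:%5Cwindows%5CHelp%5Ciexplore.chm::/iegetsrt.htm">a</a>'
    '<a href="mk:@MSITStore:manual.chm::/index.htm">b</a>'
)


def refang(text):
    """Undo the post's mail-safe notation: '(' is a backslash, ')' a slash."""
    return text.replace("(", "\\").replace(")", "/")


def find_chm_refs(markup, defanged=False):
    """Return one dict per CHM-protocol URL found in markup."""
    # Decode entities and percent-escapes first so encoded URLs still match.
    text = unquote(html.unescape(markup))
    if defanged:  # only for snippets quoted in the post's notation
        text = refang(text)
    hits = []
    for m in CHM_URL.finditer(text):
        chm = m.group("chm")
        hits.append({
            "scheme": m.group("scheme").lower(),
            "chm": chm,
            "page": m.group("page"),
            # A drive-letter path means a file on the visitor's own disk.
            "local": bool(LOCAL_DRIVE.match(chm)),
        })
    return hits


if __name__ == "__main__":
    for hit in find_chm_refs(SAMPLE):
        print(hit)
```

Pass `defanged=True` only for snippets written in the post's parenthesis notation, since the substitution would also rewrite ordinary parentheses in real markup.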
