Message-ID: <0I9A003LM3JAAO90@i_mtaout3.012.net.il>
From: avivra at 012.net.il (Aviv Raff)
Subject: YEY AGAIN Automatic remote compromise of InternetExplorer Service Pack 2 XP SP2

Hi,

Somehow the POC does not work on both of my WinXPSP2 pro boxes. Both are fully patched, but one is hardened and the other is after a clean install.

After running the POC, the IE opens the Help window, but then freezes for a couple of minutes. After IE stops freezing, there is no Microsoft Office.hta on the startup folder. And yes, I'm running this on an Administrator account.

Can anyone else confirm this?

-- Aviv Raff
From "Zen and the Art of Why Linux Sucks": "Ahh.. Can you smell the 'open source' zealots in the morning?".

_____

From: full-disclosure-bounces@...ts.netsys.com [mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf Of Michael Evanchik
Sent: Friday, December 24, 2004 6:11 PM
To: full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com; NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM; vuln@...nwatch.org
Subject: [Full-Disclosure] YEY AGAIN Automatic remote compromise of InternetExplorer Service Pack 2 XP SP2

http://freehost07.websamba.com/greyhats/sp2rc-analysis.htm

Microsoft Internet Explorer XP SP2 Fully Automated Remote Compromise
Dec, 21 2004

Vulnerable
----------
- Microsoft Internet Explorer 6.0
- Microsoft Windows XP Pro SP2
- Microsoft Windows XP Home SP2

Not Tested
------------------------
- Microsoft Windows 98
- Microsoft Internet Explorer 5.x
- Microsoft Windows 2003 Server

Severity
---------
Critical - Remote code execution, no user intervention

Proof of Concept?
------------------
- http://freehost07.websamba.com/greyhats/sp2rc.htm
- If an error is shown, press OK. This is normal.
- Notice in your startup menu a new file called Microsoft Office.hta. When run, this file will download and launch a harmless executable (which includes a pretty neat fire animation)

Michael Evanchik
Relationship1
p: 914-921-4400
f: 914-921-6007
mailto:mevanchik@...ationship1.com
web: http://www.relationship1.com