Message-ID: <0I9A003LM3JAAO90@i_mtaout3.012.net.il>
From: avivra at 012.net.il (Aviv Raff)
Subject: YEY AGAIN Automatic remote compromise of InternetExplorer Service Pack 2 XP SP2

Hi,
 
Somehow the POC does not work on both of my WinXPSP2 pro boxes.
Both are fully patched, but one is hardened and the other is after a clean
install.
 
After running the POC, IE opens the Help window, but then freezes for a
couple of minutes.
After IE stops freezing, there is no Microsoft Office.hta in the startup
folder.
 
And yes, I'm running this on an Administrator account.
 
Can anyone else confirm this?
 
-- Aviv Raff
From "Zen and the Art of Why Linux Sucks": "Ahh.. Can you smell the 'open
source' zealots in the morning?".
 
 


  _____  

From: full-disclosure-bounces@...ts.netsys.com
[mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf Of Michael
Evanchik
Sent: Friday, December 24, 2004 6:11 PM
To: full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com;
NTBUGTRAQ@...TSERV.NTBUGTRAQ.COM; vuln@...nwatch.org
Subject: [Full-Disclosure] YEY AGAIN Automatic remote compromise of
InternetExplorer Service Pack 2 XP SP2



http://freehost07.websamba.com/greyhats/sp2rc-analysis.htm

Microsoft Internet Explorer XP SP2 Fully Automated Remote Compromise

Dec, 21 2004

Vulnerable
----------
- Microsoft Internet Explorer 6.0
- Microsoft Windows XP Pro SP2
- Microsoft Windows XP Home SP2

Not Tested
------------------------
- Microsoft Windows 98
- Microsoft Internet Explorer 5.x
- Microsoft Windows 2003 Server

Severity
---------
Critical - Remote code execution, no user intervention

Proof of Concept?
------------------
- http://freehost07.websamba.com/greyhats/sp2rc.htm

- If an error is shown, press OK. This is normal.

- Notice in your startup menu a new file called Microsoft Office.hta. When
run, this file will download and launch a harmless executable (which
includes a pretty neat fire animation) 

 

Michael Evanchik

Relationship1

p: 914-921-4400

f:  914-921-6007

mailto:mevanchik@...ationship1.com

web: http://www.relationship1.com

 

 
