[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] What about M$ in the shell: race

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] What about M$ in the shell: race
From: "http-equiv@xxxxxxxxxx" <1@xxxxxxxxxxx>
Date: Sat, 10 Jul 2004 16:42:03 -0000


<!-- 

Every bit of real testing I've seen shows this is not a real 
vulnerability in IE. 

 -->

surely you jest.

It is the Key to the Kingdom. To quote the original finder, way 
back in June of 2003:

"allows remote attacker to traverse "Shell Folders" directories. 
A remote attacker is able to gain access to the path of the %
USERPROFILE% folder without guessing a target user name by this 
vulnerability."

shell:desktop

"C:\Documents and Settings\%USERNAME%\Desktop"

Perhaps you missed these "real" tests:

http://poc.homedns.org/execute.htm
http://62.131.86.111/security/idiots/malware2k/installer.htm


or maybe you didn't.


-- 
http://www.malware.com



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] What about M$ in the shell: race
  - From: Larry Seltzer

Prev by Date: RE: [Full-Disclosure] What about M$ in the shell: race
Next by Date: Re: [Full-Disclosure] Microsoft Faces Angry IE Users' Questions
Previous by thread: RE: [Full-Disclosure] What about M$ in the shell: race
Next by thread: RE: [Full-Disclosure] What about M$ in the shell: race
Index(es):
- Date
- Thread