[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: IE Shell URI Download and Execute, POC

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
From: L33tPrincess <l33tprincess@xxxxxxxxx>
Date: Tue, 13 Jul 2004 19:33:38 -0700 (PDT)

Ferruh,
Is this a new variant (wscript.shell)?  Is the vulnerability mitigated by 
today's Microsoft patch?
 
 
 
Hello;

Code is based on http://www.securityfocus.com/archive/1/367878 (POC by
Jelmer) message. I just added a new feature "download" and then execute
application. Also I use Wscript.Shell in Javascript instead of
Shell.Application.

                
---------------------------------
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!

Follow-Ups:
- RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
  - From: Ferruh Mavituna
- RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
  - From: Todd Towles

Prev by Date: RE: [Full-Disclosure] Windows XP "Security Upgrade" SP2
Next by Date: Re: [Full-Disclosure] SNMP Broadcasts
Previous by thread: [Full-Disclosure] HtmlHelp - .CHM File Heap Overflow
Next by thread: RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
Index(es):
- Date
- Thread