[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] BUG FIX Remote compromise of Internet Explorer Service Pack 2 XP SP2

To: <bugtraq@xxxxxxxxxxxxxxxxx>, <NTBUGTRAQ@xxxxxxxxxxxxxxxxxxxxxx>, <vulnwatch@xxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>, <Exploits@xxxxxxxxxx>, <Vuln@xxxxxxxxxx>, <send-us-news-tips@xxxxxxxx>
Subject: [Full-Disclosure] BUG FIX Remote compromise of Internet Explorer Service Pack 2 XP SP2
From: "Michael Evanchik" <Mike@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 27 Dec 2004 17:53:57 -0500

Had a mistake in my code o well.  Works now

PoC: http://www.michaelevanchik.com/security/microsoft/ie/xss/index.html

http://www.michaelevanchik.com/security/microsoft/ie/xss/writehta.txt <--  
avp's should add this



Here is some new adodb code AVP's should add.  No longer needed to connect to 
external source.  Malicious recordset can be built locally.


www.michaelevanchik.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] IE sp2 and Mozilla Firefox DoS.
Next by Date: [Full-Disclosure] MDKSA-2004:158 - Updated samba packages fix integer overflow vulnerabilities
Previous by thread: RE: [Full-Disclosure] Windows (XP SP2) Remote code execution with parameters
Next by thread: [Full-Disclosure] MDKSA-2004:158 - Updated samba packages fix integer overflow vulnerabilities
Index(es):
- Date
- Thread