[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Windows (XP SP2) Remote code execution with parameters

To: ShredderSub7 SecExpert <shreddersub7@xxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxx
Subject: RE: [Full-Disclosure] Windows (XP SP2) Remote code execution with parameters
From: "Goencz, Otto" <OGoencz@xxxxxxx>
Date: Tue, 28 Dec 2004 08:22:21 -0500

On my box, WinXP with SP2, the PoC worked as described...

-----Original Message-----
From: ShredderSub7 SecExpert [mailto:shreddersub7@xxxxxxxxxxx] 
Sent: Monday, December 27, 2004 7:24 PM
To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Windows (XP SP2) Remote code execution with
parameters

PoC (called CMDExe): http://www.freewebs.com/shreddersub7/htm.htm
Discussion: http://www.freewebs.com/shreddersub7/expl-discuss.htm

------------------Which systems are vulnerable?--------
Any system running any Microsoft Windows XP edition with Internet Explorer 6

or higher, even with SP2 applied.
Any system running any Microsoft Windows Server 2003 edition with Internet 
Explorer 6 or higher.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] Netsys Mailman Probes due to Illegal Attachments
Next by Date: [Full-Disclosure] unexplained crashes of named
Previous by thread: Re: [Full-Disclosure] Windows (XP SP2) Remote code executionwithparameters
Next by thread: [Full-Disclosure] BUG FIX Remote compromise of Internet Explorer Service Pack 2 XP SP2
Index(es):
- Date
- Thread