
[Full-Disclosure] Windows (XP SP2): Remotely Code Execution with Parameters (Updated)



Hi all,
a few days ago, I released a PoC of an exploit that can allow code execution 
from a webpage.
Some people asked me if it is possible to execute a random file that comes 
from the Internet.
Now, I updated this PoC and it is possible to execute a malware file from the 
Internet.
http://freehost19.websamba.com/shreddersub7/cmdexe.htm (PoC, installs and opens 
2 files called "cmdexe.exe" and "cmdexe.hta" into your root C-drive).
This new PoC works very similarly to the old one (which you can still find at 
http://freehost19.websamba.com/shreddersub7/htm.htm).
The new PoC actually uses the old PoC multiple times; it is built in 3 phases:
The first phase will be used to write the HTML application "cmdexe.hta" to your 
C-drive. If you want to know how this is done, I refer to the website of 
Michael Evanchik (http://www.michaelevanchik.com), because he was the first 
person who found this writing method (btw, thanks!).
The second phase is very similar to the first one: it opens the file 
"cmdexe.hta" and it will write the malware file "cmdexe.exe" also to your 
C-drive.
The third phase then is based on my older exploit 
(http://freehost19.websamba.com/shreddersub7/htm.htm, Remote Code Execution); 
it will open the file "C:\cmdexe.exe". For more info about that third phase, I 
refer to my own explanation found at 
http://freehost19.websamba.com/shreddersub7/expl-discuss.htm.
 
So, for the PoC about Remote Malware Code Execution with Parameters:
http://freehost19.websamba.com/shreddersub7/cmdexe.htm
 
Contact:
shreddersub7_at_yahoo.com (replace "_at_" with "@" of course)
 
Regards,
shreddersub7

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
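
The three-phase chain described in the message above, seen from the defender's side. This is an added example, not part of the original post or the author's PoC: it correlates file-write and process-start events to flag an .hta written by a browser that is then opened, writes an .exe, and that .exe is launched. The event schema, PIDs, sample events and the browser image name are constructed assumptions.

```python
from ntpath import basename  # parses backslash paths on any OS

BROWSERS = {"iexplore.exe"}  # assumption: browser image names to watch
HTA_HOST = "mshta.exe"       # Windows host process that runs .hta files

# Constructed sample events (hypothetical schema, not a real log format):
# (seq, kind, pid, image, path)
#   file_create:   process pid/image wrote the file at path
#   process_start: new process pid/image was started to open path
EVENTS = [
    (1, "file_create", 1200, r"C:\Program Files\Internet Explorer\iexplore.exe", r"C:\cmdexe.hta"),
    (2, "process_start", 1304, r"C:\WINDOWS\system32\mshta.exe", r"C:\cmdexe.hta"),
    (3, "file_create", 1304, r"C:\WINDOWS\system32\mshta.exe", r"C:\cmdexe.exe"),
    (4, "process_start", 1410, r"C:\cmdexe.exe", r"C:\cmdexe.exe"),
    # Noise: an .hta that no browser wrote, and what it does afterwards.
    (5, "process_start", 1500, r"C:\WINDOWS\system32\mshta.exe", r"C:\WINDOWS\help\tool.hta"),
    (6, "file_create", 1500, r"C:\WINDOWS\system32\mshta.exe", r"C:\temp\out.exe"),
    (7, "process_start", 1600, r"C:\temp\out.exe", r"C:\temp\out.exe"),
]

def find_drop_chains(events):
    """Return (hta, exe) pairs where a browser wrote an .hta, that .hta was
    opened, its host process wrote an .exe, and the .exe was then started."""
    dropped_hta = set()  # phase 1: .hta files written by a browser
    hta_by_pid = {}      # pid of the HTA host -> browser-written .hta it opened
    exe_from_hta = {}    # phase 2: .exe path -> .hta whose host wrote it
    chains = []
    for _seq, kind, pid, image, path in sorted(events):
        name, img, target = basename(image).lower(), image.lower(), path.lower()
        if kind == "file_create":
            if name in BROWSERS and target.endswith(".hta"):
                dropped_hta.add(target)
            elif pid in hta_by_pid and target.endswith(".exe"):
                exe_from_hta[target] = hta_by_pid[pid]
        elif kind == "process_start":
            if name == HTA_HOST and target in dropped_hta:
                hta_by_pid[pid] = target
            elif img in exe_from_hta:  # phase 3: dropped .exe is launched
                chains.append((exe_from_hta[img], img))
    return chains

if __name__ == "__main__":
    for hta, exe in find_drop_chains(EVENTS):
        print(f"ALERT: browser-written {hta} dropped and launched {exe}")
```
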