[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability
- To: full-disclosure@xxxxxxxxxxxxxxxxx, kingcope@xxxxxxx
- Subject: Re: [Full-disclosure] Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability
- From: Joxean Koret <joxeankoret@xxxxxxxx>
- Date: Fri, 23 Mar 2007 11:15:57 +0100 (CET)
Hi,
Did you test it using UNC paths? It may be a way to
truly execute arbitrary code.
Regards,
Joxean Koret
>Exploit:
>Send a HTML email message containing the URL:
><a href="c:/windows/system32/winrm?">Click here!</a>
>or
><a href="c:/windows/system32/migwiz?">Click here!</a>
>and winrm.cmd/migwiz.exe gets executed without asking
>for permission.
>These are just examples.
>
>I could not pass arguments to winrm (hehe this would
>be beautiful), but I guess there
>are several attack vectors.
______________________________________________
LLama Gratis a cualquier PC del Mundo.
Llamadas a fijos y móviles desde 1 céntimo por minuto.
http://es.voice.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/