Re: [Full-Disclosure] Virus loading through ActiveX-Exploit [Fwd: George Bush sniper-rifle shot!]
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Virus loading through ActiveX-Exploit [Fwd: George Bush sniper-rifle shot!]
- From: "mikx" <mikx@xxxxxxx>
- Date: Tue, 7 Sep 2004 21:06:03 +0200
"Alla Bezroutchko" wrote:
> Also interesting that they don't use
> "a {behavior:url(#default#AnchorClick);}"
> in this exploit which seems to be an essential part of http-equiv's and
> mikx's exploits.
The key to all these exploits is drag'n'drop access to a local directory.
Since WinXP SP2 it's not possible to use "shell:startup" as src for an
iframe, but it's possible to circumvent this restriction by using the
AnchorClick behavior.
mikx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
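
Added example, not part of the original message or of any poster's code: a mail-gateway style check that flags the two markers named above, the AnchorClick behavior and a "shell:" URL used as a frame or link source. The class and function names and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# The two strings named in the post; everything else here is illustrative.
ANCHORCLICK = re.compile(r"behavior\s*:\s*url\(\s*['\"]?\s*#default#anchorclick", re.I)
SHELL_URL = re.compile(r"\s*shell:", re.I)

class MailHtmlScanner(HTMLParser):  # hypothetical name
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._style = None  # collects <style> text until its end tag

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._style = []
        for name, value in attrs:
            value = value or ""
            # Attribute values arrive entity-decoded, so "shell&#58;startup" is caught too.
            if name == "style" and ANCHORCLICK.search(value):
                self.findings.append(("anchorclick-behavior", tag))
            elif name in ("src", "href") and SHELL_URL.match(value):
                self.findings.append(("shell-url", f"{tag}[{name}]={value.strip()}"))

    def handle_data(self, data):
        if self._style is not None:
            self._style.append(data)

    def handle_endtag(self, tag):
        if tag == "style" and self._style is not None:
            if ANCHORCLICK.search("".join(self._style)):
                self.findings.append(("anchorclick-behavior", "style-block"))
            self._style = None

def scan(html):
    """Return (indicator, location) pairs found in one HTML body."""
    scanner = MailHtmlScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample, not taken from the message under discussion.
SAMPLE = """<html><head><style>
a {behavior:url(#default#AnchorClick);}
</style></head><body>
<iframe src="shell&#58;startup"></iframe>
<a href="http://example.com/" style="BEHAVIOR: url('#default#anchorclick')">x</a>
</body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Either marker alone is worth quarantining in inbound HTML mail, since neither has a legitimate use in message content.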