Re: Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

2004-07-03 Thread Nick FitzGerald
Matthew Murphy wrote: snip Well, the problem with ADODB.Stream wasn't executing files, it was writing them to disk. ... Exactly. ADODB.Stream is just doing what it is supposed to. The problem is that code loaded from the Internet zone is just not supposed to be allowed to get access to

RE: Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

2004-07-03 Thread Mr. John
] [mailto:[EMAIL PROTECTED] On Behalf Of Helmut Hauser Sent: Friday 2 July 2004 18:39 To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4d056748-c538-46f6-b7c8

[Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

2004-07-02 Thread Helmut Hauser
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4d056748-c538-46f6-b7c8-2fbfd0d237e3 Better late than never ... Helmut Hauser ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

RE: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

2004-07-02 Thread Jelmer
: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4d056748-c538-46f6-b7c8-2fbfd0d237e3 Better late than never ... Helmut Hauser ___ Full-Disclosure - We believe

Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

2004-07-02 Thread William Warren
Sent: Friday 2 July 2004 18:39 To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4d056748-c538-46f6-b7c8-2fbfd0d237e3 Better late than never ... Helmut Hauser

RE: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

2004-07-02 Thread Jelmer
:[EMAIL PROTECTED] On Behalf Of William Warren Sent: Friday 2 July 2004 20:47 To: Jelmer Cc: 'Helmut Hauser'; [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out this returns an error..is that all it is supposed to do? Jelmer wrote: Too bad it won't do

Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

2004-07-02 Thread William Warren
PROTECTED] Subject: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out this returns an error..is that all it is supposed to do? Jelmer wrote: Too bad it won't do you one ounce any good http://62.131.86.111/security/idiots/malware2k/installer.htm Credit: http-equiv -Original

Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

2004-07-02 Thread bugtraq
: http-equiv -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Helmut Hauser Sent: Friday 2 July 2004 18:39 To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out http://www.microsoft.com

Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

2004-07-02 Thread Pascal Zoutendijk
] [mailto:[EMAIL PROTECTED] On Behalf Of William Warren Sent: Friday 2 July 2004 20:47 To: Jelmer Cc: 'Helmut Hauser'; [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out this returns an error..is that all it is supposed to do? Jelmer wrote: Too bad

RE: Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

2004-07-02 Thread Jelmer
] [mailto:[EMAIL PROTECTED] On Behalf Of William Warren Sent: Friday 2 July 2004 20:47 To: Jelmer Cc: 'Helmut Hauser'; [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out this returns an error..is that all it is supposed to do? Jelmer wrote

Re: Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

2004-07-02 Thread Matthew Murphy
Jelmer writes: Because we avoid the adodb.stream issue all together, You can patch it, but if you leave open other issues, well it's pointless Instead we just swap in this instead of the old shellcode: [snip PoC] Well, the problem with ADODB.Stream wasn't executing files, it was writing them

Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

2004-07-02 Thread [EMAIL PROTECTED]
!-- The real fault doesn't belong with individual components (ADODB.Stream included), and I think the almost rant-like posts of Drew Copeley and HTTP-EQUIV miss this fact. ADODB.Stream does *not* represent a vulnerability, although it does act to significantly worsen the impact of an

Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

2004-07-02 Thread [EMAIL PROTECTED]
!-- ActiveXObject(Shell.Application); obj.ShellExecut(mshta.exe,about:scriptvar wsh=new ActiveXObject('WScript.Shell');wsh.RegWrite ('HKCR\exefile\EditFlags', 0x3807, REG_BINARY);) /scriptiframe src=foo.exe); -- On quick reflection, I completely missed Matthew's point. It's

Betr.: Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out

2004-07-02 Thread [EMAIL PROTECTED]
still have to contend with mshta.exe calling out through the iframe and more than likely firewalled long ago, so use it to write the registry to kill the download warning, then use it set the browser home page as http://www/foo.exe, that or the default search engine. tons of