>>http://poc.homedns.org/execute.htm >>http://62.131.86.111/security/idiots/malware2k/installer.htm
I don't think of the Shell.Application exploit as the same thing as the shell: link exploit. Am I missing something? >>shell:desktop This really doesn't impress me. I don't see this as an attack at all, unless you can find a way to overflow the folder or something like that. Can you actually run code this way, as was easy to do with Mozilla with a simple shell:folder\\foo.exe? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
