> Is the vulnerability mitigated by > today's Microsoft patch? Both of POCs are working well (at least in my system -W2K3 all patches-) after recent MS patches.
Can anyone confirm this ? Ferruh.Mavituna http://ferruh.mavituna.com PGPKey : http://ferruh.mavituna.com/PGPKey.asc > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:full-disclosure- > [EMAIL PROTECTED] On Behalf Of L33tPrincess > Sent: Wednesday, July 14, 2004 5:34 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC > > Ferruh, > Is this a new variant (wscript.shell)? Is the vulnerability mitigated by > today's Microsoft patch? > > > > Hello; > > Code is based on http://www.securityfocus.com/archive/1/367878 (POC by > Jelmer) message. I just added a new feature "download" and then execute > application. Also I use Wscript.Shell in Javascript instead of > Shell.Application. > > ________________________________ > > Do you Yahoo!? > New and Improved Yahoo! Mail > <http://us.rd.yahoo.com/mail_us/taglines/100/*http://promotions.yahoo.com/ > new_mail/static/efficiency.html> - 100MB free storage! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
