It's my fault; I had a bad configuration on my computer. Now I see it's patched correctly and this POC is not working anymore on fully patched windows.
Ferruh Mavituna http://ferruh.mavituna.com PGP Key: http://ferruh.mavituna.com/pgpkey.asc -----Original Message----- From: Fabricio A. Angeletti [mailto:[EMAIL PROTECTED] Sent: 17 Temmuz 2004 Cumartesi 05:17 To: Todd Towles; 'Ferruh Mavituna'; 'L33tPrincess'; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC Its patched for me, there is another patch for it maybe u didnt installed or isnt active do u got a web to test it? ----- Original Message ----- From: "Todd Towles" <[EMAIL PROTECTED]> To: "'Ferruh Mavituna'" <[EMAIL PROTECTED]>; "'L33tPrincess'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, July 14, 2004 3:20 PM Subject: RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC > Once again, they are trying to patch the attack vector used instead of the > core IE problem itself (which is directly related to it being tied into the > OS level). I was once very pro-microsoft SMS Admin for my company but it is > getting out of hand. > > If you patch a hole, instead of a vector, then L33tPrincess wouldn't be able > to add a couple of lines to the code and change the vector to make the > exploit workable in like 10 mins. > > It is like they are throwing the media and the mass public trash "fix" to > make them happy while people like us shake our heads at what the public > doesn't know. The multiple patches for the same problem with different MS > numbers, it is a sad thing. > > -----Original Message----- > From: Ferruh Mavituna [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 14, 2004 1:15 PM > To: 'Todd Towles'; 'L33tPrincess'; [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Subject: RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC > > The fun is MS says we fixed "shell" but it's still active for me. > > Ferruh.Mavituna > http://ferruh.mavituna.com > PGPKey : http://ferruh.mavituna.com/PGPKey.asc > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:full-disclosure- > > [EMAIL PROTECTED] On Behalf Of Todd Towles > > Sent: Wednesday, July 14, 2004 6:18 PM > > To: 'L33tPrincess'; [EMAIL PROTECTED]; full- > > [EMAIL PROTECTED] > > Subject: RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC > > > > Depends on how Microsoft fixed IE. If they did the same thing as the ADODB > > patch from last week and just focused on the Shell.Application variant > > instead of the code IE problem, then it won't stop this WSH variant by > > L33tPrincess. Which I must say is a sweet name. =) > > > > > > > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:full-disclosure- > > [EMAIL PROTECTED] On Behalf Of L33tPrincess > > Sent: Tuesday, July 13, 2004 9:34 PM > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > Subject: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC > > > > > > > > Ferruh, > > > > Is this a new variant (wscript.shell)? Is the vulnerability mitigated by > > today's Microsoft patch? > > > > > > > > > > > > > > > > Hello; > > > > Code is based on http://www.securityfocus.com/archive/1/367878 (POC by > > Jelmer) message. I just added a new feature "download" and then execute > > application. Also I use Wscript.Shell in Javascript instead of > > Shell.Application. > > > > ________________________________ > > > > Do you Yahoo!? > > New and Improved Yahoo! Mail > > <http://us.rd.yahoo.com/mail_us/taglines/100/*http:/promotions.yahoo.com/n > > ew_mail/static/efficiency.html> - 100MB free storage! > > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
