Re: [Full-Disclosure] telnet URL type used in exploit

[Aditya, ALD [ Aditya Lalit Deshmukh ]]

> The JavaScript overwrites telnet.exe with a downloaded executable and
> then runs it by pointing the browser at telnet://. Instead of
> launching a telnet shell as expected, the attackers code is executed.
> This is not only an example of the telnet URL type being involved in
> an exploit, but one that actually relies on it.

ok this is true for the script but by default the windows 2000 and up version of 
windows contain something known as windows file protection which replaces unrecognised 
files with known good files from the %windir%\repair dir. this can also be eaisily 
bypassed but it does provide some protection as it is enabled by default !

- aditya
������������������������������������������������������
�b���v�"�axZ�x����ڔGb�*'���[kj����j)m���r��

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html