On my box, WinXP with SP2, the PoC worked as described...
-----Original Message-----
From: ShredderSub7 SecExpert [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 27, 2004 7:24 PM
To: [email protected]
Subject: [Full-Disclosure] Windows (XP SP2) Remote code execution with parameters
PoC (called CMDExe): http://www.freewebs.com/shreddersub7/htm.htm
Discussion: http://www.freewebs.com/shreddersub7/expl-discuss.htm
------------------Which systems are vulnerable?--------
Any system running any Microsoft Windows XP edition with Internet Explorer 6
or higher, even with SP2 applied.
Any system running any Microsoft Windows Server 2003 edition with Internet
Explorer 6 or higher.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
