
RE: [Full-Disclosure] YEY AGAIN Automatic remote compromise of InternetE

Subject: RE: [Full-Disclosure] YEY AGAIN Automatic remote compromise of InternetExplorer Service Pack 2 XP SP2
Date: Sat, 25 Dec 2004 14:46:53 +0200
Hi,
 
Somehow the POC does not work on both of my WinXPSP2 pro boxes.
Both are fully patched, but one is hardened and the other is after a clean
install.
 
After running the POC, IE opens the Help window, but then freezes for a
couple of minutes.
After IE stops freezing, there is no Microsoft Office.hta in the startup
folder.
 
And yes, I'm running this on an Administrator account.
 
Can anyone else confirm this?
 
-- Aviv Raff
From "Zen and the Art of Why Linux Sucks": "Ahh.. Can you smell the 'open
source' zealots in the morning?".
 
 


  _____  

From: full-disclosure-bounces@lists.netsys.com
[mailto:full-disclosure-bounces@lists.netsys.com] On Behalf Of Michael
Evanchik
Sent: Friday, December 24, 2004 6:11 PM
To: full-disclosure@lists.netsys.com; bugtraq@securityfocus.com;
NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM; vuln@vulnwatch.org
Subject: [Full-Disclosure] YEY AGAIN Automatic remote compromise of
InternetExplorer Service Pack 2 XP SP2



http://freehost07.websamba.com/greyhats/sp2rc-analysis.htm

Microsoft Internet Explorer XP SP2 Fully Automated Remote Compromise

Dec, 21 2004

Vulnerable
----------
- Microsoft Internet Explorer 6.0
- Microsoft Windows XP Pro SP2
- Microsoft Windows XP Home SP2

Not Tested
------------------------
- Microsoft Windows 98
- Microsoft Internet Explorer 5.x
- Microsoft Windows 2003 Server

Severity
---------
Critical - Remote code execution, no user intervention

Proof of Concept?
------------------
- http://freehost07.websamba.com/greyhats/sp2rc.htm

- If an error is shown, press OK. This is normal.

- Notice in your startup menu a new file called Microsoft Office.hta. When
run, this file will download and launch a harmless executable (which
includes a pretty neat fire animation) 

 

Michael Evanchik

Relationship1

p: 914-921-4400

f:  914-921-6007

mailto:mevanchik@relationship1.com

web: http://www.relationship1.com

 

 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html