Internet Explorer 0day exploit Jul 10 2007 05:09AM
Thor Larholm (seclists larholm com) (1 replies)
There is a URL protocol handler command injection vulnerability in
Internet Explorer for Windows that allows you to execute shell commands
with arbitrary arguments. This vulnerability can be triggered without
user interaction simply by visiting a webpage.

When Internet Explorer encounters a reference to content inside a
registered URL protocol handler scheme it calls ShellExecute with the
EXE image path and passes the entire request URI without any input
validation. For the sake of demonstration I have constructed an exploit
that bounces through Firefox via the FirefoxURL protocol handler. The
full advisory and a working Proof of Concept exploit can be found at

http://larholm.com/2007/07/10/internet-explorer-0day-exploit/

Cheers
Thor Larholm
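
An inventory of the attack surface the post describes, as an added example that is not part of the original post or advisory: it lists every registered URL protocol handler and how its command template receives the request URI. It assumes the standard Windows registration layout (a `URL Protocol` value under `HKEY_CLASSES_ROOT\<scheme>` and the template in `shell\open\command`); `review_handler`, `registered_handlers` and the sample schemes and paths are hypothetical names, and the notes are review heuristics, not verdicts.

```python
import re
import sys

def review_handler(scheme, command):
    """Split one shell\\open\\command template and note how the URI reaches the EXE."""
    command = command.strip()
    if command.startswith('"'):
        exe, _, rest = command[1:].partition('"')
    else:  # unquoted image path: assume it ends at the first space
        exe, _, rest = command.partition(" ")
    notes = []
    pos = rest.find("%1")  # the shell substitutes the request URI here
    if pos < 0:
        notes.append("no %1 placeholder in template")
    else:
        before, after = rest[:pos], rest[pos + 2:]
        if not (before.endswith('"') and after.startswith('"')):
            notes.append("%1 is not quoted")
        if re.search(r"(^|\s)[-/]\w", before + " " + after):
            notes.append("EXE takes option switches on the same command line")
    return {"scheme": scheme, "exe": exe, "notes": notes}

def registered_handlers():
    """Yield (scheme, command) for each HKCR key that has a 'URL Protocol' value."""
    import winreg  # Windows only; imported here so review_handler runs anywhere
    index = 0
    while True:
        try:
            scheme = winreg.EnumKey(winreg.HKEY_CLASSES_ROOT, index)
        except OSError:  # no more subkeys
            return
        index += 1
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, scheme) as key:
                winreg.QueryValueEx(key, "URL Protocol")
            path = scheme + r"\shell\open\command"
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, path) as cmd:
                yield scheme, winreg.QueryValueEx(cmd, "")[0]
        except OSError:  # not a URL protocol handler, or no open command
            continue

# Constructed sample templates (hypothetical schemes and paths, not from the advisory).
SAMPLES = [
    ("exampleurl", r'"C:\Program Files\Example\app.exe" -open "%1" -background'),
    ("plainurl", r"C:\Tools\viewer.exe %1"),
]

if __name__ == "__main__":
    source = registered_handlers() if sys.platform == "win32" else SAMPLES
    for scheme, command in source:
        print(review_handler(scheme, command))
```

Handlers whose EXE parses option switches are the ones to review first, since the URI arrives on that same command line and the EXE has to validate it itself.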

Re: Internet Explorer 0day exploit Jul 10 2007 03:53PM
Gadi Evron (ge linuxbox org) (1 replies)
Re: Internet Explorer 0day exploit Jul 15 2007 02:40AM
Dragos Ruiu (dr kyx net) (1 replies)
Re: Internet Explorer 0day exploit Jul 15 2007 02:41AM
Gadi Evron (ge linuxbox org) (1 replies)
Re: Internet Explorer 0day exploit Jul 18 2007 08:37AM
Chris Stromblad (cs outpost24 com) (2 replies)
Re: Internet Explorer 0day exploit Jul 18 2007 06:37PM
Bigby Findrake (bigby ephemeron org) (1 replies)
Re: Internet Explorer 0day exploit Jul 18 2007 08:17PM
Chris Stromblad (cs outpost24 com)
Re: Internet Explorer 0day exploit Jul 18 2007 04:53PM
Zow Terry Brugger (zow llnl gov) (1 replies)
Re: Internet Explorer 0day exploit Jul 18 2007 08:12PM
Chris Stromblad (cs outpost24 com) (1 replies)
Re: Internet Explorer 0day exploit Jul 20 2007 09:08PM
Chad Perrin (perrin apotheon com) (1 replies)
RE: Internet Explorer 0day exploit Jul 21 2007 03:22PM
Ken Kousky (kkousky ip3inc com) (2 replies)
RE: Internet Explorer 0day exploit Jul 24 2007 02:54PM
Roger A. Grimes (roger banneretcs com)
RE: Internet Explorer 0day exploit Jul 24 2007 05:37AM
Hugo van der Kooij (hvdkooij vanderkooij org)


 

Copyright 2010, SecurityFocus