Executing arbitrary commands without Active Script

Discussion in 'other security issues & news' started by Zhen-Xjell, Feb 28, 2002.

Thread Status:
Not open for further replies.
  1. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
    Any application that hosts the WebBrowser control (5.5+) is affected since this exploit does not require Active Scripting or ActiveX. Some of these applications are:

    -Microsoft Internet Explorer
    -Microsoft Outlook
    -Microsoft Outlook Express

    http://security.greymagic.com/adv/gm001-ie/

    Of particular interest, while running Proxomitron nothing was executed on the test pages via the supplied link above.  
     
  2. Old_Sixteen

    Old_Sixteen Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    17
    Re:Update, workaround & AA issue

    I saw that the security "test" page at Greymagic on the
    IE exploit has been amended as follows:

     
  3. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Re: Executing arbitrary commands without Active Sc

    I presume Proxomitron could handle this with ease...?
     
  4. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Re: Executing arbitrary commands without Active Sc

    What I find interesting is on my Windows XP system, when I change that registry entry, I do not get a box prompting anything - I simply get a message saying "your current security settings prevent running ActiveX controls of this nature"...

    Is this some "feature" specific to Windows XP?
     
  5. FanJ

    FanJ Guest

  6. FanJ

    FanJ Guest

    Re: Executing arbitrary commands without Active Sc

    And here you can also read about it:
    http://edensoft.com/exploit.html
     
  7. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Re: Executing arbitrary commands without Active Sc

    Found that last link, hadn't found the other - thanks.

    On a side note I find it amusing that Microsoft is saying that if they are forced to remove IE from Windows, they will pull Windows XP and 2000 off the market, and not develop new versions (on dslreports.com).

    But still, I think the extra code time to make IE removable from Windows could be VERY useful to removing SYSTEM vulnerabilities like these - but wouldn't that also remove a Microsoft monopoly? Oops...oh well...
     
  8. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Re: Executing arbitrary commands without Active Sc

    On the dslreports.com link that was provided by FanJ, it IS stated that Proxomitron blocks this with one of its filters.

    (On another side note, check out my posting here: http://www.security-pro.co.uk/yabb/YaBB.pl?board=osif;action=display;num=1015289148 about how a Java applet can redirect browser traffic and steal personal data (in some ways) when you are using any type of proxy (Microsoft Bulletin MS02-03...a patch is provided).)
     
  9. FanJ

    FanJ Guest

    Re: Executing arbitrary commands without Active Sc

    Yep,
    ZX also wrote that in the first posting at this thread  :)
     
  10. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
    Re: Executing arbitrary commands without Active Sc

    Proxomitron.. what an easter basket.
     
  11. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Re: Executing arbitrary commands without Active Sc

    Zhen-Xjell, have you got a 25-words or less guide to installing your ZX list into Proxomitron?

    Merci.  (I've gone hard-of-thinking today.)

    PS hope all's well with your grandfather.
     
  12. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
    Re: Executing arbitrary commands without Active Sc

    Thanks Checkout.

    Unzip zx.zip into proxo root directory.  Configure your browser to use it "localhost" port "8080" in HTTP. Enable HTTP 1 over proxy connections.  Start Proxo!

    (25 words exact)
     
  13. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Re: Executing arbitrary commands without Active Sc

    Thank you.  (Two wor...oh hell, I blew it!)
     