
Re: Re: RE: playing for fun with <=IE7

Hi there,
Nope, it won't work.
The first .exe extension will be overwritten by
the second one. Then it will be putty.exe anyway.

"avivra" did mention that he was able to use this bypass to automate the PDF attack vector
found by GNUCitizen's pdp.

He also did mention that cyber_flash found the same kind of vuln on IE6 SP2 3 years ago.

Thanks to him for these clarifications.

I was also able to reproduce the pdp (GNUCitizen) PDF 0days remotely without any prompt with IE7,
using the avivra idea/example shown in his video.
Here's a live example:
PDF is opened, calc.exe is launched, no prompt.

We can imagine the impact with a:
- permanent XSS
- malicious webpage

Regards, Laurent Gaffié

// Sorry for the delay.