There is a URL protocol handler command injection vulnerability in Internet Explorer for Windows that allows you to execute shell commands with arbitrary arguments. This vulnerability can be triggered without user interaction simply by visiting a webpage.
97817c440ccad36fa887930439c3bdaf4a4453e3d8bf7987f58f1e95ea0330a9There is a URL protocol handler command injection vulnerability in
Internet Explorer for Windows that allows you to execute shell commands
with arbitrary arguments. This vulnerability can be triggered without
user interaction simply by visiting a webpage.
When Internet Explorer encounters a reference to content inside a
registered URL protocol handler scheme it calls ShellExecute with the
EXE image path and passes the entire request URI without any input
validation. For the sake of demonstration I have constructed an exploit
that bounces through Firefox via the FirefoxURL protocol handler. The
full advisory and a working Proof of Concept exploit can be found at
http://larholm.com/2007/07/10/internet-explorer-0day-exploit/
Cheers
Thor Larholm
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed