Winblox is a User-mode WINAPI-level and open-source tool for controlling the behavior of applications running on Windows workstations.
b850313d2dbfbb30337ae7d5d686ca25b1e9fd33f445771d7cf1c56d3e2e0793On Double Byte Character Set Locale systems, such as Chinese, Japanese, etc, there exists a spoofing vulnerability within Microsoft Internet Explorer that enables attackers to fake the Address field.
3a77f862571fc252998d7700222e875fc627c98ac39e82150f4091acce5c76cdMozilla has a flaw that allows for a remote attacker to trick a user into launching an executable via the SHELL: directive.
fd7d9b4c544c63f7beb0438f89709b6c5360fb586f6c3dd818704e9f0530c84aInformation regarding proper exploitation of a cross site scripting flaw affecting Internet Explorer 6 SP1 running on Windows XP.
fa7c800af3ddd9495112ac117250468eeb5035d63765176288113058bd094d62WinBlox is a command line utility that can record, filter, and prevent file I/O operations. In record mode the WinBlox logs all I/O operation activity. A typical log record includes a date stamp, the operation type, the program name conducting the operation, and the target of I/O operation.
e05e96d6664ad70dda00e55a3b95e7a18f3b7db5c0473f9d3cf6e74e974d8c66Utilizing the MHTML parsing vulnerability in conjunction with the BackToFramedJpu vulnerability, a malicious attacker can obtain full MYCOMPUTER security zone access to a victim machine.
8fc2fdff885ad4c4d244ca251097a58a30fe147f299629978d607b790d85fb22A flaw exists in the way Microsoft Internet Explorer performs MHTML redirection that can lead to a victim having executables downloaded and run. Link to a demonstration included.
5c306ddeb0aa01ef9333f01161239c18011c97126963ca69abcbbe7de0d0f94fBy combining the Microsoft Internet Explorer cache file disclosure vulnerability with several other unpatched vulnerabilities, a malicious INTERNET page can reach the MYCOMPUTER zone. Link to two demonstrations included.
cc43c3bb8c3472af6421059b2f7d473dcbcc23680fa944324c5fc42c247a1411Microsoft Internet Explorer v6.SP1 and below has a vulnerable download function that can be exploited by a malicious attacker to gain access to a user's cache directory. Link to two demonstrations included.
dcaee30b8ef3a1cceeae51d751d897cc6278c21e1025eac9cf682ea1ae4fd7abA cross-zone scripting vulnerability has been found in Internet Explorer. If a web page contains some sub-frame, its security zone may be compromised. Link to a demonstration included.
a7c936db9ccb610dafbe96908b866aeba03e8da8fc499b043cc313c4e16d79efAfter applying the patch for MS03-048, Windows is still susceptible to the Hijack Click attack when performed in conjunction with the method caching attack which can make the window.move accessible again. Link to a demonstration included.
a06ff9d109e90948b1621c8cc5f4399cd3f2acd4266b9a925067a1f7cac1a306Six step cache attach for Internet Explorer v6sp1 (up to date on 10/30/2003) which combines several older unpatched and recently discovered vulnerabilities to execute code remotely by viewing a web page or HTML email. More information available here.
94ea12a634a074b51cb882c92f07466864fecdcb97c1c35652f1946575389bb0Secunia Research Advisory - Multiple remotely exploitable vulnerabilities have been discovered in Microsoft Internet Explorer, including cross site scripting problems, exposure of sensitive information, and system access. Vulnerable versions are 5.01, 5.5, and 6.
4e79f2cf181ab7bc26673e30bb7e89b6032c9f17fa3926229fc65644418bf5f5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed