Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17430
HistoryJul 10, 2007 - 12:00 a.m.

[Full-disclosure] Internet Explorer 0day exploit

2007-07-1000:00:00
vulners.com
25
JSON

There is a URL protocol handler command injection vulnerability in
Internet Explorer for Windows that allows you to execute shell commands
with arbitrary arguments. This vulnerability can be triggered without
user interaction simply by visiting a webpage.

When Internet Explorer encounters a reference to content inside a
registered URL protocol handler scheme it calls ShellExecute with the
EXE image path and passes the entire request URI without any input
validation. For the sake of demonstration I have constructed an exploit
that bounces through Firefox via the FirefoxURL protocol handler. The
full advisory and a working Proof of Concept exploit can be found at

http://larholm.com/2007/07/10/internet-explorer-0day-exploit/

Cheers
Thor Larholm

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

JSON