Thomas Thornbury <thorntat_private> wrote: > This has got to be one of the scarier exploits in recent memory. Nah -- _far_ from it. Several people with a good record of finding truly bad holes in IE and related s/w have been banging away at this for some time now. First, to date no-one has found a way to use it for executing arbitrary code and there have been several other holes recently that do allow arbitrary code execution. Second, no-one has even found a way to poke parameters to the programs that can be launched this way, which have to have a fully specified, local to the target program filename or pre-existing CLSID definition in the target machine's registry: http://home.austin.rr.com/wiredgoddess/thepull/funRun.html I'd rate it "mildly interesting"... This does not mean MS should delay fixing it until some clever soul does work out how to achieve either or both the above, but it certainly makes it orders of magnitude less interesting and less worrying than some of the recent "auto-detach and run" Email attachments or MIME "inclusions" in web pages bugs. -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854
This archive was generated by hypermail 2b30 : Tue Mar 05 2002 - 20:17:23 PST