<<< Date Index >>>     <<< Thread Index >>>

Re: new internet explorer exploit (was new worm)



I might not be understanding this correctly. On a test machine, I clicked 
on the link provided. It does successfully copy "x.chm" file to c:\\ . But 
I then see the error message "This operation can only function within HTML 
help". Is the error message meaningless, and x.chm did it's thing. Or is 
the processing stopped unsuccessfully with a failure after x.chm was 
copied? Or is the error because x.chm is strictly a demonstration?

Help me understand this.

Thanks.




roozbeh afrasiabi <roozbeh_afrasiabi@xxxxxxxxx> 
03/31/2004 07:50 AM


To
bugtraq@xxxxxxxxxxxxxxxxx
cc

Subject
Re: new internet explorer exploit (was new worm)





I have made little changes to the exploit jelmer coded,and now  it 

can run any program with parameters on victim's system (executable's path 
or MUICACHE name must be known)it can download other files to victim's 
system ,it is also possible to run files using their bond programs( if 
1001001.xls is placed on victim's system it will be opened using excel 
automaticlly god this ****).



The exploit places a chm file (x.chm) on victim's c:\\ 
directory,everything else is done using this chm file, it has access to 
most programs on victim's system so it can do much more than a virus could 
do.



cmd+dir:

http://www.freewebs.com/roozbeh_afrasiabi/exc.htm

ForwardSourceID:NT000819CE