Re: new internet explorer exploit (was new worm)
I might not be understanding this correctly. On a test machine, I clicked
on the link provided. It does successfully copy "x.chm" file to c:\\ . But
I then see the error message "This operation can only function within HTML
help". Is the error message meaningless, and x.chm did it's thing. Or is
the processing stopped unsuccessfully with a failure after x.chm was
copied? Or is the error because x.chm is strictly a demonstration?
Help me understand this.
Thanks.
roozbeh afrasiabi <roozbeh_afrasiabi@xxxxxxxxx>
03/31/2004 07:50 AM
To
bugtraq@xxxxxxxxxxxxxxxxx
cc
Subject
Re: new internet explorer exploit (was new worm)
I have made little changes to the exploit jelmer coded,and now it
can run any program with parameters on victim's system (executable's path
or MUICACHE name must be known)it can download other files to victim's
system ,it is also possible to run files using their bond programs( if
1001001.xls is placed on victim's system it will be opened using excel
automaticlly god this ****).
The exploit places a chm file (x.chm) on victim's c:\\
directory,everything else is done using this chm file, it has access to
most programs on victim's system so it can do much more than a virus could
do.
cmd+dir:
http://www.freewebs.com/roozbeh_afrasiabi/exc.htm
ForwardSourceID:NT000819CE