UPDATED: the insider exploit( = the latest ie 0day which involves SHOWMODALDIALOG)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: UPDATED: the insider exploit( = the latest ie 0day which involves SHOWMODALDIALOG)
From: Liu Die Yu <liudieyu@xxxxxxxxxxxxx>
Date: 11 Jan 2005 16:32:04 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


the insider exploit( = the latest ie 0day involving SHOWMODALDIALOG) was 
verified to work on winxp-en-pro-sp1-ms04004(MS04-004 = Q832894 = KB832894), 
but it does not work on winxp-en-pro-sp1-noextrapatch.

jelmer's exploit is not perfect: URLs are hardcoded, and JSP is not popular. so 
i made this PHP version for copy-and-play:
http://0daymon.org/monitor/insider/dir.zip

=====
i got it while preparing my collection of applicable IE 0day and related 
original posts:
http://0daymon.org/monitor/
that exploit doesn't work without that IE patch - quite weired, right?

and those phishers and their tech support are not as wise as the media 
describes:
1. they should have removed their code immediately after THE-INSIDER(RAFI from 
IS) published those URLs. but they still  run their stuff to tell the whole 
world: "yes! we are criminals armed with 0day!"
2. at that time most of home-user systems( = their targets) were not uptodate, 
which means most of them didn't have MS04-004 required for the exploit to 
successfully compromise themself.

first i test, then i post :-)))

Prev by Date: Multi-vendor AV gateway image inspection bypass vulnerability
Next by Date: The Misuse of RC4 in Microsoft Word and Excel
Previous by thread: Multi-vendor AV gateway image inspection bypass vulnerability
Next by thread: The Misuse of RC4 in Microsoft Word and Excel
Index(es):
- Date
- Thread