Re: Microsoft Internet Explorer "javaprxy.dll" Code Execution Exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Microsoft Internet Explorer "javaprxy.dll" Code Execution Exploit
From: berendjanwever@xxxxxxxxx
Date: 5 Jul 2005 22:21:40 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Thanks you all for notifying the frsirt team of their credit/copyright 
missteps, they seem to have corrected this on their website. I would like to 
request any exploit archive to reflect their changes and warn any developers 
that the code is under GPL and any work based on it will therefore also be 
under GPL. 

On a side note, www.milw0rm.com has the HTML output of the exploit (the perl 
script has no other function then to make it look less like they ripped off my 
code).

The exploit is nothing more then a combination of the core of my Internet 
Exploiter script and the origional PoC. The frsirt team does not seem to have 
done a lot of research on the vuln or any fine-tuning on the script. It's 
pretty pathetic actually... but since I will not release Internet Exploiter 5 
myself, you guys will have to make do with this ;)

Cheers,
SkyLined
http://www.edup.tudelft.nl/~bjwever

Prev by Date: Advisory 07/2005: Jaws Multiple Remote Code Execution Vulnerabilities
Next by Date: Re: /dev/random is probably not
Previous by thread: Re: Microsoft Internet Explorer "javaprxy.dll" Code Execution Exploit
Next by thread: Three More Vulnerable to PHPXMLRPC code injection
Index(es):
- Date
- Thread