To All Windows And Ie Users
Results 1 to 9 of 9

Thread: To All Windows And Ie Users

  1. #1
    Member
    Join Date
    Sep 2002
    Posts
    98

    To All Windows And Ie Users

    ALERT:

    THERE is a harmful flaw in IE that gives people power to do most things they want to your
    system(delete,execute......) i found it three weeks ago.
    These are my suggestions to avoid any harm :
    1.when you want to surf the web use another browser instead of IE (no matter wat version)
    2.windows 2000 and XP would be least harmed !
    3.don't vist insecure sites
    This flaw can be used only if the target visits a site or the person trying to cause harm has phisical access.
    4.IF suddenly you saw a download pop up read it to insure what it is(The least thing one can
    do with this flaw is disconnect you from the server making you download something from your own hardware that is vital for windows like rundll32)
    5.quit using MS products
    -------------------------------------------------------------------------------------------------------------------
    As far as the laws of mathematics refer to reality, they are not certain, and as far as they are certain, they do not refer to reality." -- Albert Einstein
    Share on Google+

  2. #2
    Senior Member
    Join Date
    Aug 2002
    Posts
    115
    Hmm...I am not sure if this is a joke or just a poorly written post. If it is a joke, ahahaha. If it is a real threat/flaw would you please care to elaborate. It sounds like you are giving us basic Windows/IE tips.
    Civilization. The death of dreams.
    Share on Google+

  3. #3
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    black_death: Maybe you should do some research to find out what information, if any, is already published about this and post the link here for us to check out. It may seem a little questionable to the AO members the way you have phrased it in the post. Thanks for the information.
    Opinions are like holes - everybody\'s got\'em.

    Smile
    Share on Google+

  4. #4
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Huh? and I get neged for a comma Oh Well in a DeWOP mood
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg
    Share on Google+

  5. #5
    Member
    Join Date
    Sep 2002
    Posts
    98

    ya aint' taken this serious

    well it seems you are not taken this serious so there is no need of elaboration.
    just remember one thing (SHELL ACCESS) and see when MS releases a patch about it .

    good luck
    ------------------------------------------------------------------------------------------------------------
    Life is hard, but it's harder if you're stupid.
    Share on Google+

  6. #6
    Senior Member
    Join Date
    May 2002
    Posts
    450
    black_death is this what you are alluding to ?

    Courtesy of www.eeye.com.

    Windows Shell Overflow

    Release Date:
    March 8, 2002

    Severity:
    Medium

    Systems Affected:
    Microsoft Windows 98
    Microsoft Windows 98 Second Edition
    Microsoft Windows NT 4.0
    Microsoft Windows NT 4.0 Terminal Server Edition
    Microsoft Windows 2000

    Description:
    There exists a buffer-overflow vulnerability within the Microsoft Windows Shell that can lead to execution of malicious code. The vulnerability exists in the way the Windows Shell manipulates URL handlers that point to programs that do not exist.

    Full story here: http://www.eeye.com/html/Research/Ad...D20020308.html

    There is a link to MS for the patch and security advisory for this on the site.

    A little more detail in your post would help.

    PP
    Share on Google+

  7. #7
    Old Fart
    Join Date
    Jun 2002
    Posts
    1,658
    Anyone have an encryption key to the original post?? I'd love to know what the deal is on this one...
    Al
    It isn't paranoia when you KNOW they're out to get you...
    Share on Google+

  8. #8
    Member
    Join Date
    Sep 2002
    Posts
    98

    what i am talking about is somthing close to what eeye has released but that is only a little part of the flaw i am trying to tell everyone about.
    (i found that flaw eeye has realesed when i tried to find one of help links eeye used in IRIS (you probebly know wat it is)it was somthing like irs:main\help.html)...

    but the flaw i have found dose not just let you run a progie but read files,change files,force the target to delete all files for example on c:,New shell,direct access
    to:
    /root:windows
    /system:windows/system
    /cookies:windows/cookies
    .......
    till now i have found 31 direct links
    i have used java script to force users into running active x controllers
    crashed windows 2000 and xp by providing it with wrong link to root
    disconnect users with just providing a broken link to nowhere
    i am trying it on my university network to see if it can give root access or not

    you guyz probebly know that i can not elaborate such thingz ,thats why i am not givin
    enough info about the flaw.
    so please stop pushin me and given me negetive anto points
    i 'll make it public when ever i find all the ups and downs.
    WELL mabe this place was not a good one to dicuss such thingz!!!
    ----------------------------------------------------------------------------------------------------------------------
    I may not agree with what you say, but I will defend to the death your right to say it.
    Share on Google+

  9. #9
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    Don't take this the wrong way, but the qualities of your reponses are such that many here are probably very very skeptical. If you don't want to elaborate on it, why are you posting it here? Hoping to recieve accolades?
    [HvC]Terr: L33T Technical Proficiency
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •