To All Windows And Ie Users

[black_death]

ALERT:

THERE is a harmful flaw in IE that gives people power to do most things they want to your
system(delete,execute......) i found it three weeks ago.
These are my suggestions to avoid any harm :
1.when you want to surf the web use another browser instead of IE (no matter wat version)
2.windows 2000 and XP would be least harmed !
3.don't vist insecure sites
This flaw can be used only if the target visits a site or the person trying to cause harm has phisical access.
4.IF suddenly you saw a download pop up read it to insure what it is(The least thing one can
do with this flaw is disconnect you from the server making you download something from your own hardware that is vital for windows like rundll32)
5.quit using MS products
-------------------------------------------------------------------------------------------------------------------
As far as the laws of mathematics refer to reality, they are not certain, and as far as they are certain, they do not refer to reality." -- Albert Einstein

[digitalgadfly]

Hmm...I am not sure if this is a joke or just a poorly written post. If it is a joke, ahahaha. If it is a real threat/flaw would you please care to elaborate. It sounds like you are giving us basic Windows/IE tips.

[t2k2]

black_death: Maybe you should do some research to find out what information, if any, is already published about this and post the link here for us to check out. It may seem a little questionable to the AO members the way you have phrased it in the post. Thanks for the information.

[Palemoon]

Huh? and I get neged for a comma Oh Well in a DeWOP mood

[black_death]

well it seems you are not taken this serious so there is no need of elaboration.
just remember one thing (SHELL ACCESS) and see when MS releases a patch about it .

good luck
------------------------------------------------------------------------------------------------------------
Life is hard, but it's harder if you're stupid.

[Phat_Penguin]

black_death is this what you are alluding to ?

Courtesy of www.eeye.com.

Windows Shell Overflow

Release Date:
March 8, 2002

Severity:
Medium

Systems Affected:
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 Terminal Server Edition
Microsoft Windows 2000

Description:
There exists a buffer-overflow vulnerability within the Microsoft Windows Shell that can lead to execution of malicious code. The vulnerability exists in the way the Windows Shell manipulates URL handlers that point to programs that do not exist.

Full story here: http://www.eeye.com/html/Research/Ad...D20020308.html

There is a link to MS for the patch and security advisory for this on the site.

A little more detail in your post would help.

PP

[allenb1963]

Anyone have an encryption key to the original post?? I'd love to know what the deal is on this one...

[black_death]

what i am talking about is somthing close to what eeye has released but that is only a little part of the flaw i am trying to tell everyone about.
(i found that flaw eeye has realesed when i tried to find one of help links eeye used in IRIS (you probebly know wat it is)it was somthing like irs:main\help.html)...

but the flaw i have found dose not just let you run a progie but read files,change files,force the target to delete all files for example on c:,New shell,direct access
to:
/root:windows
/system:windows/system
/cookies:windows/cookies
.......
till now i have found 31 direct links
i have used java script to force users into running active x controllers
crashed windows 2000 and xp by providing it with wrong link to root
disconnect users with just providing a broken link to nowhere
i am trying it on my university network to see if it can give root access or not

you guyz probebly know that i can not elaborate such thingz ,thats why i am not givin
enough info about the flaw.
so please stop pushin me and given me negetive anto points
i 'll make it public when ever i find all the ups and downs.
WELL mabe this place was not a good one to dicuss such thingz!!!
----------------------------------------------------------------------------------------------------------------------
I may not agree with what you say, but I will defend to the death your right to say it.

[Terr]

Don't take this the wrong way, but the qualities of your reponses are such that many here are probably very very skeptical. If you don't want to elaborate on it, why are you posting it here? Hoping to recieve accolades?