Naturally, this only works from a local security zone such as the My Computer zone. You cannot exploit the Shell.Application object from the Internet Zone where you get an explanatory "Permission Denied" error.
This eases the process of abusing local security zone privileges but does not change that you could already download and execute files when inside a local security zone. If you want to "exploit" this from the Internet Zone you still need to rely on yet another cross-domain vulnerability to gain access to the My Computer zone where you could already use ADODB and codeBase to execute files. One more way to do the same, but definitely a more explanatory and simplistic approach ;) Naturally, locking down the My Computer zone prevents this exploit from working - personally, I would recommend installing Qwik-Fix and forget about command execution vulnerabilities in IE :) Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com [EMAIL PROTECTED] 949-231-8496 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net> -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, January 01, 2004 2:42 PM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV <snip http://lists.netsys.com/pipermail/full-disclosure/2004-January/015144.ht ml> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
