Andreas Eibach
Hi there,
after extensive testing, I cannot reproduce J. Pearson's CT exploit:
http://www.computerterrorism.com/research/ie/poc.htm
Pearson himself said that this only affected IE 5.5 and 6, but Microsoft
*explicitly* states that IE 5.01 SP4 on Win2K is also affected:
http://www.microsoft.com/technet/security/advisory/911302.mspx
(=> Overview)
Well, I can only negate this, since CALC.EXE did *not* open on my fully
patched Win2K system.
Details:
Win2K SP 4 (all important and critical patches applied, including Rollup
1)
IE 5.01 SP 4 (5.00.3700.1000) [Q823353; Q903235; Q896688]
Active Scripting: ENABLED
"Allow insert operations via script": DISABLED
Basic security in Internet zone: High
(customizations include: allow downloads, allow per-session cookies,
etc.)
When running Pearson's exploit in "Win2K edition", I get a full-screen
window, with a "loading ... " message on the window, and hidden behind
the window on the left hand side there is a prompt to type in something.
I wait and wait, and I get "<process has already been terminated> has
caused errors ... etc".
But no calc.exe opened!
So may I conclude from this that IE 5.01 SP4 is NOT affected, as Pearson
stated (unlike MS)?
Or can anyone of you guys still running "original" IE shipped with Win2K
successfully reproduce his exploit?
-Andreas