|
Well... here we are again... seems like only last week, I was putting up killbit apps for "daxctle.ocx"...
(and really, it was 10 days ago... sheesh, how time flies!) Anyway, I've got two more for you, this time, setting the killbits on a couple versions of webvw.dll, and (as far as we can tell) shutting off access to the stuff that makes IE vulnerable to the "setslice" issue. Note: we've tested these settings against the Metasploit project's test page, and they work. Because MS hasn't released any information as of yet, we're sortof flying blind here... However, that being said, the killbit method is great, because it is completely reversable. There are two versions of the app, one a standard Windows program, the other a command-line version. The standard Windows app will tell you the status of the two killbits (ANDed together, for you programmer-types out there...) and give you the option to change them. (From SET to UN-SET, and vice versa...) Standard Windows app: WEBVW.DLL_KillBit.exe - 2,560 bytes MD5: f89b8896ed90f5387a57ed818294fe22 The command-line app will SET the killbits when run with no parameters, and UNSET them when run with any parameter (say "/r"). It will return 0 on success and 1 on failure. Command line app: WEBVW.DLL_KillBit_cmd.exe - 3,548 bytes MD5: ebc215850cd06b2de2d8e49428134271 Tom Liston - ISC Handler Senior Security Consultant - Intelguardians |
Tom 160 Posts Sep 28th 2006 |
| Thread locked Subscribe |
Sep 28th 2006 1 decade ago |
|
Warning; These two EXEs do not have a Vista manifest, ergo they use Virtualization on Vista.
What does this mean? If you run them on Vista, you'll actually be writing to [HKEY_USERS\S-1-5-XX-XXXXXXXX-XXXXXXXXX-XXXXXXXXX-XXXX\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility] thanks http://securitymario.spaces.live.com/ |
Anonymous |
| Quote |
May 30th 2008 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
