Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: Bush2000
OK, you COULD use it in a vbscript, batch, or other active scripting goodie which is default installed on Windows systems, and which are treated as executables by default.

Your mention of CreateFile is a strawman, it's not one I mentioned.

You still could always use the other API call I mentioned previously to grab the environment variable, and stick that variable into the path for use with CreateFile, so CreateFile can do it, you just need an intermediate step.

In other words, you replied to only a part of my post an a method akin to picking fly crap from horse crap, ie, a distinction without a difference.

You said earlier that it was impossible, it's clearly not.
127 posted on 01/29/2004 7:47:28 PM PST by adam_az (Be vewy vewy qwiet, I'm hunting weftists.)
[ Post Reply | Private Reply | To 111 | View Replies ]

To: adam_az
OK, you COULD use it in a vbscript, batch, or other active scripting goodie which is default installed on Windows systems, and which are treated as executables by default.

A. That isn't even remotely relevant to this so-called exploit; in fact, the path is passed by an ActiveX control written in native code to the Win32 CreateFile() or CreateProcess() API -- where it isn't replacing %USERNAME%. There's simply no way for the caller to know what that path is.

B. Explain how (be precise) the %USERNAME% gets exploited by VBScript, etc.

Your mention of CreateFile is a strawman, it's not one I mentioned.

I could care less whether you mentioned something else. Your reference was nonsensical blather that has no bearing on the exploit described in this report.

You still could always use the other API call I mentioned previously to grab the environment variable, and stick that variable into the path for use with CreateFile, so CreateFile can do it, you just need an intermediate step.

You could also theoretically pump a few rounds into your own head -- but what the Hell does that have to do with an ActiveX control using CreateFile() or CreateProcess() to open a local file?!?

In other words, you replied to only a part of my post an a method akin to picking fly crap from horse crap, ie, a distinction without a difference.

Face it, Adam. You're grasping at straws. You thought that a simple replacement of %USERNAME% in the shell was the same mechanism used by the ActiveX control to open the local binary (either using CreateFile or CreateProcess). You were wrong. It's that simple. And you tried to cover your ignorance by spewing some nonsense about VBScript, etc.

You said earlier that it was impossible, it's clearly not.

I'm still waiting for you to explain how it's possible -- using reality (not your imagination) as the basis for your explanation.
147 posted on 01/29/2004 10:06:17 PM PST by Bush2000
[ Post Reply | Private Reply | To 127 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson