Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Browsers :: hack2195.htm

New "Clean" IE Remote Compromise
New "Clean" IE Remote Compromise


OS:Win2k3,CN version

IE: with MS03-048 installed.

OS:WinXp, CN version

Microsoft Internet Explorer v6.Sp1; up-to-date on 2003/11/16


By combining several vulnerabilities in Internet Explorer, an attacker can execute his EXE file on victim's system.

("Clean" means: there is no old published vulnerability involved in this exploit)


There is a harmless demo: -Demo/index.html

(runs harmless demonstration executable)

[technical details]

First, use MhtRedirParsesLocalFile to parse a local file in an IFRAME,

(Liu Die Yu's e)

Then, use BackToFramedJpu to reach MYCOMPUTER zone.

(Liu Die Yu's 

At last, in MYCOMPUTER security zone, use MhtRedirLaunchInetExe to download the payload EXE file and execute it.

(Liu Die Yu's 


Disable Active Scripting in INTERNET zone.


greetings to:

Drew Copley, dror, guninski and mkill.


all mentioned resources can always be found at UMBRELLA.MX.TC


LiuDieyuinchina [N0-@-Sp2m]

UMBRELLA.MX.TC ==> How to contact "Liu Die Yu"


A wise man learns from other's mistakes; a fool learns from his own.


I would like to work professionally as a security researcher/bug finder. 

See my resume at my site. I am very eager to work, flexible, and 

extremely productive. I have a top notch resume, with credentials 

from leading bug finders. I am willing to work per contract, relocate, 

or telecommute. 


[Give a Hand]

I haven't got a job as a security researcher yet and my family don't support my security work - so, I don't have a computer of my own. Please consider about donating at: 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH