Tag: URI

Bypassing Windows ASLR using “skype4COM” protocol handler

While investigating an unrelated issue using SysInternals Autoruns tool I spotted a couple of protocol handlers installed on the system by Skype. Knowing that protocol handlers can be loaded by Internet Explorer without any prompts I decided to check if these libraries have there dynamic base bits set. It turns out that the “skype4com.dll” library…


Bypassing Microsoft Windows ASLR with a little help by MS-Help

Exploiting vulnerabilities on Windows 7 is not as easy as it used to be on Windows XP. Writing an exploit to bypass ASLR and DEP on Windows 7 was still relatively easy if Java 6 was installed as it got shipped with non aslr msvcr71.dll library. Now that Java 7 has been out for a…


Windows URI protocol handling vulnerability

This is an interesting vulnerability first got published at the end of July 2007 but really brought to light at the end of October 2007. Spammers exploited this vulnerability by sending a specially crafted URI (Uniform Resource Identifier) containing a “%” character and ending with a certain extension (e.g. “.bat” or “.cmd”). Internet Explorer 7…