Well... here we are again... seems like only last week, I was putting up killbit apps for "daxctle.ocx"...
(and really, it was 10 days ago... sheesh, how time flies!)
Anyway, I've got two more for you, this time, setting the killbits on a couple versions of webvw.dll, and (as far as we can tell) shutting off access to the stuff that makes IE vulnerable to the "setslice" issue. Note: we've tested these settings against the Metasploit project's test page, and they work. Because MS hasn't released any information as of yet, we're sortof flying blind here... However, that being said, the killbit method is great, because it is completely reversable.
There are two versions of the app, one a standard Windows program, the other a command-line version.
The standard Windows app will tell you the status of the two killbits (ANDed together, for you programmer-types out there...) and give you the option to change them. (From SET to UN-SET, and vice versa...)
Standard Windows app: WEBVW.DLL_KillBit.exe - 2,560 bytes
The command-line app will SET the killbits when run with no parameters, and UNSET them when run with any parameter (say "/r"). It will return 0 on success and 1 on failure.
Command line app: WEBVW.DLL_KillBit_cmd.exe - 3,548 bytes
Tom Liston - ISC Handler
Senior Security Consultant - Intelguardians
Sep 28th 2006
1 decade ago
Warning; These two EXEs do not have a Vista manifest, ergo they use Virtualization on Vista.
What does this mean? If you run them on Vista, you'll actually be writing to [HKEY_USERS\S-1-5-XX-XXXXXXXX-XXXXXXXXX-XXXXXXXXX-XXXX\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility]
May 30th 2008
1 decade ago