Bugtraq mailing list archives
hole in Inet Explorer
From: cacaio () GEOCITIES COM (Cacaio Torquato)
Date: Tue, 4 Nov 1997 11:02:38 -0200
Ghosting

This page is a description of a ghosting attack and flaw on Internet Explorer 4. Internet Explorer 4 has a flaw that allows an applet to write to its desktop or to other windows.

The following is a description (in sequence) of the ghosting attack, which is done by a test applet which draws a white (colour of a ghost) image on the screen.

1. The victim visits the page.
2. The applet is loaded.
3. The applet fails to work. The applet seems to be stuck at the initialisation process.
4. The victim thinks that he/she has just loaded another badly coded applet.
5. The victim then closes the browser associated with the "bad" applet.
6. The applet starts attacking the active window, the desktop or Start menus, usually after the victim clicks a mouse button.

The following are the symptoms on Internet Explorer 4 on a Pentium PC:

* White pixels will flood the whole desktop.
* White pixels will flood the menu bar/Start button.
* White pixels will try to flood the active window, but not 100% successfully.
* Victims may not see their mouse cursor.
* Victims cannot see where they are clicking or where to click.

Here are several screen captures of the symptoms:

Symptom No 1 (Desktop view): Desktop flooded, Start menu nearly flooded
Symptom No 2 (Internet Explorer 4 view): web page area and rebar menu contents flooded, rebar nearly flooded

The following are the test results on different installations of Internet Explorer 4:

Browser                                   WAD   Ghost Appears?
Internet Explorer 4.0/Win95               X     X
Internet Explorer 4.0/Win95               O     ?
Internet Explorer 4.01/Win95(Upgrade)     X     X
Internet Explorer 4.01/Win95              O     O
Internet Explorer 4.01/Win95              X     X
Internet Explorer 4.0/Win/WinNT3.x        ?     ?
Internet Explorer 4.0/Mac                 ?     ?

WAD - With Active Desktop Component installed?
X - Yes
O - No

From the above results we can see that this flaw only exists for installations of Internet Explorer 4 together with the Active Desktop Component. Otherwise Internet Explorer is safe from the attack.

Recovery:

* Those familiar with Windows will try to "end task" the explorer by using the famous CTRL+ALT+DEL.
* However, most victims will restart their computer.
* Such victims should log off and log in again for a fast recovery.

Cacaio Personal Page: http://www.a-vip.com/cacaio
The Death Knights group: http://www.deathsdoor.com/tdk

+-------------------------------------------------------+
|         BrasNet IRC Servers Network - Brazil          |
|         irc.brasnet.org   irc.webtech.com.br          |
+-------------------------------------------------------+

Tragic Bombs: Hiroshima'45 Chernobyl'86 Windows'95