Full Disclosure mailing list archives
Re: Official IFRAME patch - make sure it installs correctly
From: Raoul Nakhmanson-Kulish <raoul () elforsoft com>
Date: Thu, 02 Dec 2004 19:57:39 +0300
Hello, Berend-Jan Wever!
The IFRAME vulnerability has been patched, see http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
Oh! Thanks, God!Good that nobody has hit upon an idea until now about exploiting this to launch self-spreading mail virus without user interaction by putting iframe into HTML message body: this hole is exploitable even in restricted zone and millions of OE and Outlook lemmings would be doomed.
Such thought visited me nearly right away when I had known this issue. -- Best regards, Raoul Nakhmanson-Kulish Elfor Soft Ltd., ERP Department http://www.elforsoft.ru/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Official IFRAME patch - make sure it installs correctly Berend-Jan Wever (Dec 01)
- Re: Official IFRAME patch - make sure it installs correctly Kevin (Dec 01)
- Re: Official IFRAME patch - make sure it installs correctly morning_wood (Dec 02)
- Re: Official IFRAME patch - make sure it installs correctly BillyBob (Dec 02)
- Re: Official IFRAME patch - make sure it installs correctly daniel uriah clemens (Dec 02)
- Re: Official IFRAME patch - make sure it installs correctly Raoul Nakhmanson-Kulish (Dec 02)
- <Possible follow-ups>
- Re: Official IFRAME patch - make sure it installs correctly Des Ward (Dec 02)
- Re: Official IFRAME patch - make sure it installs correctly Lionel Ferette (Dec 02)
- RE: Official IFRAME patch - make sure it installs correctly Todd Towles (Dec 02)
- RE: Official IFRAME patch - make sure it installs correctly Nick FitzGerald (Dec 02)
- Re: Official IFRAME patch - make sure it installs correctly Des Ward (Dec 02)
- RE: Official IFRAME patch - make sure it installs correctly Rivera Alonso, David (Dec 03)
- Re: Official IFRAME patch - make sure it installs correctly Kevin (Dec 01)