Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL From Internet Explorer

["first last" <randnut () hotmail com>]

> Summary:
> A LoadLibrary / LoadLibraryEx weakness makes SSL on Internet Explorer very
> vulnerable to a “DLL proxy” attack. If exploited, unencrypted data can be
> intercepted before Internet Explorer (IE) uses the SSL module to encrypt 
> the
> data. Therefore, confidential information such as bank accounts and
> passwords could be stolen. Many applications are vulnerable to “DLL proxy”
> attack with different ramifications.

This is OLD news. Where have you been? It's been used for as long as 
LoadLibrary has existed by programs monitoring other programs. There are 
dozens of other ways of reading data from another program before and after 
data is encrypted/decrypted. I could write a dozen similar advisories and 
post them here and to BugTraq but I won't because they're OLD news.

> Vendor Status:
> Microsoft was informed of this weakness in December 2003. As of February 5,
> 2004, Microsoft has not provided any indication that they intend to provide
> any remedies for the affected Windows configurations.

Of course they won't because this is OLD news.

The subject of your email is "Round One," so I hope your next rounds will 
have some new information.

_________________________________________________________________
Get some great ideas here for your sweetheart on Valentine's Day - and 
beyond. http://special.msn.com/network/celebrateromance.armx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html