Full Disclosure mailing list archives
RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV
From: <tlarholm () pivx com>
Date: Mon, 5 Jan 2004 09:54:46 -0800
Clear of FUD: The threat is the same as before, one of the subcomponents of existing exploits just has a new approach. Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor () pivx com 949-231-8496 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net> -----Original Message----- From: John Bisley [mailto:bisley110 () yahoo co uk] Sent: Monday, January 05, 2004 3:15 AM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV Hi All Can anyone out there clear the FUD and speak to the less Web Savvy (like me) - I set up up a quarantine system (although still with Internet connectivity) to run the exe-cute-html but this didn't 'appear' to do anything other than display the "JUNKWARE" text. i.e. I downloaded the zip and extracted the html and then I double-clicked on the html file so that IE(5.5) would run it. So I presume it would be running the html from the MyComputer zone - but I didn't get a dialog box or anything. I'm mostly interested in whether this is a big risk to the company. I'm willing to believe that users can be fooled into downloading html and opening it locally (e.g. if they think that they are downloading a useful report), but then, they can probably be fooled into downloading an exe and running it... So am I simply looking at continued Security Awareness briefings (or more draconian download restrictions) or is there a greater exposure that I'm missing. I may have missed earlier parts of this thread so I hope I'm not going over old ground. Regards Bis
From: "morning_wood" <se_cur_ity () hotmail com> To: <full-disclosure () lists netsys com> Subject: Re: [Full-disclosure] Self-Executing HTML: Internet Explorer
5.5 and 6.0 Part IV
Date: Fri, 2 Jan 2004 11:56:29 -0800On Thu, 1 Jan 2004 22:41:35 -0000 "http-equiv () excite com" wrote: [snip]Fully self-contained harmless *.exe: http://www.malware.com/exe-cute-html.zip[snip] This doesn't look like self-executing HTML - anyway.Gives dialog box to open or save a "blabla.hta" and no, it does not self-execute even under low security settings. try again Jelmer?
Yahoo! Messenger - Communicate instantly..."Ping" your friends today! Download Messenger Now _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV, (continued)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV Jelmer Kuperus (Jan 02)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV Will Image (Jan 02)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV morning_wood (Jan 02)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV Thor Larholm (Jan 02)
- RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV Bojan Zdrnja (Jan 02)