Full Disclosure mailing list archives
[sb] RE: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Tue, 8 Jun 2004 05:46:07 +0200
Finally I also attached the source files to this message
My McAfee-based gateway scanner blocks the attachment and labels it as "VBS/Psyme", which has this description (http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100749): "This trojan exploits an unpatched (at the time of this writing) vulnerability in Internet Explorer. The vulnerability allows for the writing, and overwriting, of local files by exploiting the ADODB.Stream object. There are several variants of this trojan. Therefore this description is design to give an overview of how the trojan works. The trojan exists as VBScript. This script contains instructions to download a remote executable, save it to a specified location on the local disk, and then execute it." Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer larryseltzer () ziffdavis com -- Sie haben den Sicherheitsboten abonniert. http://sicherheitsbote.net _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan) Jelmer (Jun 06)
- RE: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan) Larry Seltzer (Jun 06)
- Re: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan) Gadi Evron (Jun 07)
- [sb] RE: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan) Larry Seltzer (Jun 07)
- Re: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan) Gadi Evron (Jun 07)
- <Possible follow-ups>
- RE: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan) Chris Carlson (Jun 06)
- Re: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan) http-equiv () excite com (Jun 07)
- Re: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan) Gadi Evron (Jun 07)
- Re: Re: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan) http-equiv () excite com (Jun 08)
- Re: Re: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan) Gadi Evron (Jun 08)
- Re: Re: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan) Benjamin Meade (Jun 09)
- Re: Re: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan) Gadi Evron (Jun 09)
- Re: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan) Gadi Evron (Jun 07)