Full Disclosure mailing list archives
Re: IE exploit runs code from graphics?
From: Joe Stewart <jstewart () lurhq com>
Date: Thu, 24 Jun 2004 20:57:45 -0400
On Thu, 24 Jun 2004 19:02:01, larry () larryseltzer com wrote:
From http://www.eweek.com/article2/0,,1617045,00.asp: "Analysts at NetSec Inc., a managed security services provider, began seeing indications of the compromises early Thursday morning and have since seen a large number of identical attacks on their customers' networks. The attack uses a novel vector: embedded code hidden in graphics on Web pages... NetSec officials said the attack seems to exploit a vulnerability in Internet Explorer."
This is somewhat misleading. The attack is appending javascript footers to every file served by the IIS server, including image files. This isn't a new vector, it's just a side-effect. More information at http://isc.sans.org/ -Joe -- Joe Stewart, GCIH Senior Security Researcher LURHQ http://www.lurhq.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: IE exploit runs code from graphics? Joe Stewart (Jun 24)