Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IE exploit runs code from graphics?

From: Joe Stewart <jstewart () lurhq com>
Date: Thu, 24 Jun 2004 20:57:45 -0400
On Thu, 24 Jun 2004 19:02:01, larry () larryseltzer com wrote:

From http://www.eweek.com/article2/0,,1617045,00.asp: 

"Analysts at NetSec Inc., a managed security services provider, began 
seeing indications of the compromises early Thursday morning and have 
since seen a large number of identical attacks on their customers' networks.
The attack uses a novel vector: embedded code hidden in graphics on Web 
pages... NetSec officials said the attack seems to exploit a vulnerability
in Internet Explorer." 


This is somewhat misleading. The attack is appending javascript footers to 
every file served by the IIS server, including image files. This isn't a new 
vector, it's just a side-effect. More information at http://isc.sans.org/

-Joe

-- 
Joe Stewart, GCIH 
Senior Security Researcher
LURHQ http://www.lurhq.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: