Full Disclosure mailing list archives
new internet explorer exploit (was new worm)
From: Jelmer <jkuperus () planet nl>
Date: Mon, 29 Mar 2004 16:35:41 +0200
The code used by this worm to exploit it's users at least partly is (i think) new , the vulnerability it abused has afaik not been published on eighter bugtraq or full-disclosure. possibly making it (one of?) the first worm to totally catch people offguard. It allows a mallicious person to take any action on an unsuspecting user who view's a specially prepared page's pc The known ingredient it uses is : http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-08/1758.html that has gone unpatched for over 5 months now The remainder of the exploit manages to confuse this same adodb.stream object enough to make it think it's being run from a local location You can protect yourself against it by running http://ip3e83566f.speed.planet.nl/hacked-by-chinese/fix.reg I attached sample code myself to illustrate the problem, because http-equiv's was messy :) This one should be more straightforward to use Instructions : 1. unzip 2. overwrite exploit.exe with the executable you wish to run, or leave it untoched if you want to see some nice texturemapped rotation 3. upload the files to a webserver 4. view exploit.htm Tested on winxp pro all patches for the lazy ones among you can also view a demonstration here : http://ip3e83566f.speed.planet.nl/security/newone/exploit.htm
Attachment:
final.zip
Description:
Current thread:
- new internet explorer exploit (was new worm) Jelmer (Mar 29)
- Addressing Cisco Security Issues Geo. (Mar 29)
- Re: Addressing Cisco Security Issues Jason Dodson (Mar 29)
- Re: Addressing Cisco Security Issues Micheal Patterson (Mar 29)
- Re: Re: Addressing Cisco Security Issues Exibar (Mar 29)
- RE: Addressing Cisco Security Issues Burton M. Strauss III (Mar 29)
- Re: RE: Addressing Cisco Security Issues Michael Reilly (Mar 29)
- Re: Addressing Cisco Security Issues Geoincidents (Mar 29)
- Re: Addressing Cisco Security Issues Jason Dodson (Mar 29)
- Re: Addressing Cisco Security Issues Clayton Kossmeyer (Mar 29)
- Re: Re: Addressing Cisco Security Issues Luke Norman (Mar 29)
- Re: Addressing Cisco Security Issues Geoincidents (Mar 29)
- Addressing Cisco Security Issues Geo. (Mar 29)