Full Disclosure mailing list archives
Unofficial Internet Explorer FRAME/IFRAME fix
From: Thomas Rogg <tr-lists () cherryware de>
Date: Fri, 12 Nov 2004 03:24:04 +0100
Hello list, http://www.cherryware.de/framefix/This is a program, which patches the FRAME/IFRAME vulnerability described on the mailing list BugTraq (http://www.securityfocus.com/archive/1/380175) on Windows 2000 and XP. This vulnerability has been public for a rather short time and is already being used by MyDoom.AI and MyDoom.AH to spread themselves.
This patch does just-in-time patching. It does not change any system files, but rather installs a program that changes the loaded system files' code before a HTML page is loaded. Because of this, the patch is easily uninstallable.
Any comments appreciated, Thomas Rogg _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Unofficial Internet Explorer FRAME/IFRAME fix Thomas Rogg (Nov 11)
- Re: Unofficial Internet Explorer FRAME/IFRAME fix Nick FitzGerald (Nov 11)
- Re: Unofficial Internet Explorer FRAME/IFRAME fix Thomas Rogg (Nov 12)
- Re: Unofficial Internet Explorer FRAME/IFRAME fix Raoul Nakhmanson-Kulish (Nov 12)
- Re: Re: Unofficial Internet Explorer FRAME/IFRAME fix Thomas Rogg (Nov 12)
- Re: Unofficial Internet Explorer FRAME/IFRAME fix Thomas Rogg (Nov 12)
- Re: Unofficial Internet Explorer FRAME/IFRAME fix Nick FitzGerald (Nov 11)
- <Possible follow-ups>
- Re: Unofficial Internet Explorer FRAME/IFRAME fix n3td3v (Nov 12)
- Re: Re: Unofficial Internet Explorer FRAME/IFRAME fix Eric Paynter (Nov 12)