Re: AIM Password theft

[Jamie Pratt <jamie () nucdc org>]

Anyone know when this will terrible flaw be fixed by MS?

regards,
jamie

On 9/23/2003 7:44 PM, Lothar Kimmeringer wrote:
> On Tue, 23 Sep 2003 10:53:59 -0400, Mark Coleman wrote:
>
>
> > I just started investigating a report that appears to have merit of a 
> > username/password theft of AIM accounts.
> >
> > Users are being directed to a web page located at www.haxr.org where the 
> > source appears to run a javascript program that is proportedly stealing 
> > AIM usernames/passwords/buddy lists.
> >
> > Does anyone have any information related to www. haxr.org or the 
> > technique being used? 
>
>
> The technique uses a flaw in Internet Explorer with the OBJECT-tag
> allowing code to be executed locally that is loaded from a website.
>
> The tag
> <![CDATA[
> <object data=tracker.php></object>
> ]]>
> lets IE download a HTML-application that will be executed after
> loading.
>
> A testpage where you can test your locally installed Internet
> Explorer for being vulnerable can be found at
> http://www.heise.de/security/dienste/browsercheck/demos/ie/htacheck.shtml
> If your installation is vulnerable, a program will be downloaded
> to C:\browsercheck.exe that will executed afterwards leading to
> a window popping up. The page is in German.
>
>
> Regards, Lothar

--


---------------------------------------------------------------------------
----------------------------------------------------------------------------