Security Incidents mailing list archives
Re: AIM Password theft
From: Jamie Pratt <jamie () nucdc org>
Date: Wed, 24 Sep 2003 08:35:32 -0400
Anyone know when this terrible flaw will be fixed by MS?

regards,
jamie

On 9/23/2003 7:44 PM, Lothar Kimmeringer wrote:

> On Tue, 23 Sep 2003 10:53:59 -0400, Mark Coleman wrote:
>
> > I just started investigating a report that appears to have merit of a username/password theft of AIM accounts.
> >
> > Users are being directed to a web page located at www.haxr.org where the source appears to run a javascript program that is purportedly stealing AIM usernames/passwords/buddy lists.
> >
> > Does anyone have any information related to www.haxr.org or the technique being used?
>
> The technique uses a flaw in Internet Explorer with the OBJECT-tag allowing code to be executed locally that is loaded from a website. The tag
>
> <![CDATA[ <object data=tracker.php></object> ]]>
>
> lets IE download an HTML-application that will be executed after loading. A testpage where you can test your locally installed Internet Explorer for being vulnerable can be found at
> http://www.heise.de/security/dienste/browsercheck/demos/ie/htacheck.shtml
>
> If your installation is vulnerable, a program will be downloaded to C:\browsercheck.exe that will be executed afterwards leading to a window popping up. The page is in German.
>
> Regards, Lothar
-- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
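A defender-side check for the OBJECT-tag pattern quoted above, as an added example that is not part of the original thread: it scans saved HTML (for instance from a proxy cache or a reported page) for OBJECT tags that load content through a data attribute. The two heuristics, the extension list, the function names and the sample pages are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption of this example: URL suffixes treated as server-side scripts.
DYNAMIC_EXT = (".php", ".asp", ".aspx", ".cgi", ".pl", ".jsp")


class ObjectDataScanner(HTMLParser):
    """Collects <object> tags that pull in content via a data attribute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag != "object":
            return
        a = {name: (value or "") for name, value in attrs}
        data = a.get("data", "").strip()
        if not data:
            return
        reasons = []
        if not a.get("type") and not a.get("classid"):
            reasons.append("no declared type or classid")
        if urlparse(data).path.lower().endswith(DYNAMIC_EXT):
            reasons.append("data points at a server-side script")
        if reasons:
            line, _ = self.getpos()
            self.findings.append({"line": line, "data": data, "reasons": reasons})


def scan_html(text):
    """Return one finding per suspicious <object> tag in the HTML text."""
    scanner = ObjectDataScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings


# Constructed sample pages, not captured from the site named in the thread.
SAMPLE_SUSPECT = """<html><body>
<p>Free buddy icons</p>
<object data=tracker.php></object>
</body></html>"""

SAMPLE_BENIGN = """<html><body>
<object data="movie.swf" type="application/x-shockwave-flash"></object>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, scan_html(page))
```

A hit is a lead for manual review rather than proof of abuse; pages embedding ordinary typed media produce no finding.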