Vulnerability Development mailing list archives
Re: Outlook/HTML "proggie"
From: Dan_Schrader () TRENDMICRO COM (Dan Schrader)
Date: Mon, 5 Jun 2000 11:05:10 -0700
It is worth noting that VBS.kakworm (details: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_KAKWORM.A -M), an embedded script virus similar to BubbleBoy, is the most common virus in the world today. For virus prevelence stats: http://wtc.trendmicro.com/wtc - change setting to show infected computers. This despite the fact that Microsoft patched the security hole this uses last August.
-----Original Message----- From: Joerg Weber [SMTP:joerg () FS IS UNI-SB DE] Sent: Friday, June 02, 2000 7:24 AM To: VULN-DEV () SECURITYFOCUS COM Subject: AW: Outlook/HTML "proggie" Hi everyone, as I started the initial thread with a question I'd like to comment on the results that far: I was concerned that the use of Outlook at my company is a security risk. A bigger one that I knew it is, that is :) So, I wanted to figure out wether someone can screw my users over with an embedded HTML script which executes just by viewing. I concluded that while you can do that, the right security settings in Outlook prevent the execution of scripts just nicely. Executing an attachment is a different story, but then that's not limited to scripts, anyways. Conclusion: Noone could produce a script that'd run properly or without a warning in my Outlook 2k. That's fine and makes me sleep better. BTW, ClasID 06290BD5-48AA-11D2-8432-006008C3FBFC is the exact same class as BubbleBoy used some time ago. Nothing new here, and not at all working if your security settings are correct. Greets, Joerg -----Ursprüngliche Nachricht----- Von: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]Im Auftrag von methodman Gesendet: Donnerstag, 1. Juni 2000 22:33 An: VULN-DEV () SECURITYFOCUS COM Betreff: Re: Outlook/HTML "proggie" well... since everybody is so interested in what the SCR object is, i'm going to tell you... it is an activex control with the classID: 06290BD5-48AA-11D2-8432-006008C3FBFC , it's name is actually SCRiptlet.typlib (that's why i gave it the id SCR). WSH has the classID F935DC22-1CF0-11D0-ADB9-00C04FD58A0B and is called "Windows Scripting Host Shell Object", (Wscript.SHell - therefore i gave it the id WSH). about badblood... i didn't even hear about it until Thierry said it exists, same goes for the code written by Exxtreme. about the source code... if you are reading this through outlook check "thisreallyworks.txt" on your desktop :)). -- this only works if the security level is not set to "restriced sites zone" [ methodman ]
Current thread:
- Re: Outlook/HTML "proggie", (continued)
- Re: Outlook/HTML "proggie" Maxime Rousseau (Jun 01)
- Re: Outlook/HTML "proggie" Shelagh Pepper (Jun 02)
- Re: Outlook/HTML "proggie" methodman (Jun 01)
- Possible problem with NT Domains Leigh Watson (Jun 02)
- Re: Outlook/HTML "proggie" Eric Chien (Jun 02)
- Re: Outlook/HTML "proggie" James Turner (Jun 02)
- MSProxy Server 2 Logic Bug (Jun 02)
- Re: Outlook/HTML "proggie" Walter Williams (Jun 02)
- AW: Outlook/HTML "proggie" Joerg Weber (Jun 02)
- Re: Outlook/HTML "proggie" Maxime Rousseau (Jun 02)
- Re: Outlook/HTML "proggie" Dan Schrader (Jun 05)
- Re: Outlook/HTML "proggie" Maxime Rousseau (Jun 01)