Re: Fwd: Please post this anonymously (without my email-address and such)

["Chris Carey" <chris () sublimespot com>]

After a crash, IE Bug Reporting requires you to click a button to actually
send the bug report. I dont believe it is automatic, like John Doe
suggested.

So I guess from here lets add the 'Spoof the Screen' IE vuln into the mix
and trick them into sending the report

At this point I dont see this scenario as a threat.

Chris

----- Original Message -----
From: "Mike DeGraw-Bertsch" <mbertsch () radioactivedata org>
To: "Blue Boar" <BlueBoar () thievco com>
Cc: <vuln-dev () securityfocus com>
Sent: Wednesday, October 24, 2001 8:51 AM
Subject: Re: Fwd: Please post this anonymously (without my email-address and
such)


> An interesting thought, though you'd have to get the virus to propogate
> prior to Outlook crashing.  Otherwise you'd have to send a heck of a lot
> of messages yourself.
>
>   -Mike
>
> On Tue, 23 Oct 2001, Blue Boar wrote:
>
> > > A few of my co-workers and I were just discussing the new error
reporting
> > > functions of Internet Explorer, and we came up with a nasty idea for a
virus
> > > utilizing that function as a method of causing a DoS.  The idea is to
write
> > > a virus that propagates through email (nothing new here) and exploits
> > > Outlook and Outlook Express to achieve that propagation.  This virus
would
> > > essentially cause the autopreview pane of Outlook to open viewing some
type
> > > of HTML/ASP, etc in a way that would cause IE to crash when attempting
to
> > > sort it.  At that point, with the more recent releases of IE, there
would be
> > > an automatic initiation of debug data sent to Microsoft, through using
DNS
> > > to resolve.
> > >
> > > Obvious effects would be a likely DoS on business networks and on
> > > Microsoft's debug servers.  Other effects could include difficulty in
> > > reaching and downloading patches for the vulnerabilities in the
software (if
> > > Microsoft patch servers are utilizing the same WAN link as the debug
> > > servers), as well as possible effects upon DNS servers, especially at
> > > Microsoft.  In addition, as has already been talked about, an enormous
> > > amount of private information possibly stored on the debugs would be
> > > forwarded as well.  I would imagine that this type of virus could also
> > > effect other kinds of "bugzilla" services.
> > >
> > > Just a thought...