Vulnerability Development mailing list archives
Re: Fwd: Please post this anonymously (without my email-address and such)
From: "Chris Carey" <chris () sublimespot com>
Date: Wed, 24 Oct 2001 14:48:16 -0700
After a crash, IE Bug Reporting requires you to click a button to actually send the bug report. I dont believe it is automatic, like John Doe suggested. So I guess from here lets add the 'Spoof the Screen' IE vuln into the mix and trick them into sending the report At this point I dont see this scenario as a threat. Chris ----- Original Message ----- From: "Mike DeGraw-Bertsch" <mbertsch () radioactivedata org> To: "Blue Boar" <BlueBoar () thievco com> Cc: <vuln-dev () securityfocus com> Sent: Wednesday, October 24, 2001 8:51 AM Subject: Re: Fwd: Please post this anonymously (without my email-address and such)
An interesting thought, though you'd have to get the virus to propogate prior to Outlook crashing. Otherwise you'd have to send a heck of a lot of messages yourself. -Mike On Tue, 23 Oct 2001, Blue Boar wrote:A few of my co-workers and I were just discussing the new error
reporting
functions of Internet Explorer, and we came up with a nasty idea for a
virus
utilizing that function as a method of causing a DoS. The idea is to
write
a virus that propagates through email (nothing new here) and exploits Outlook and Outlook Express to achieve that propagation. This virus
would
essentially cause the autopreview pane of Outlook to open viewing some
type
of HTML/ASP, etc in a way that would cause IE to crash when attempting
to
sort it. At that point, with the more recent releases of IE, there
would be
an automatic initiation of debug data sent to Microsoft, through using
DNS
to resolve. Obvious effects would be a likely DoS on business networks and on Microsoft's debug servers. Other effects could include difficulty in reaching and downloading patches for the vulnerabilities in the
software (if
Microsoft patch servers are utilizing the same WAN link as the debug servers), as well as possible effects upon DNS servers, especially at Microsoft. In addition, as has already been talked about, an enormous amount of private information possibly stored on the debugs would be forwarded as well. I would imagine that this type of virus could also effect other kinds of "bugzilla" services. Just a thought...
Current thread:
- Fwd: Please post this anonymously (without my email-address and such) Blue Boar (Oct 24)
- Re: Fwd: Please post this anonymously (without my email-address and such) Mike DeGraw-Bertsch (Oct 24)
- Re: Fwd: Please post this anonymously (without my email-address and such) terry white (Oct 24)
- Re: Fwd: Please post this anonymously (without my email-address and such) Chris Carey (Oct 24)
- Re: Fwd: Please post this anonymously (without my email-address and such) Mike DeGraw-Bertsch (Oct 24)