Bugtraq mailing list archives
Re: Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL]
From: Andreas Marx <amarx () gega-it de>
Date: Sat, 10 May 2003 00:55:16 +0200
Hello!I've contacted Microsoft (secure () microsoft com) about the first problem you've mentioned on 2003-02-17 and they told me that they'll looking into this. I've provided them further details on 2003-02-21 as I've found out that there are much more way to exploit this - telnet will work, but Windows supports a much higher number of possible protocols you can use for this with the same and other strange results (try scp:// for example on Windows ME/XP).
After some tries to get more information about this issue, a mail dated 2003-04-08 finally got answered on 2003-04-13 with the results that's more or less "behaviour by design", but they want to research on this further. I never heared back from them anymore...
cheers, Andreas Marx At 16:05 08.05.2003 +0700, Marek Bialoglowy wrote:
Systems Affected : Internet Explorer 6.0.2800 (6.x?) Remotely exploitable: Yes Author: Marek Bialoglowy (System Integra - mb () systemintegra com) Attached files: dmz2.rar (archive password:zones)
[...]
I've found some sample VB script created by person using nickname 'netric' and creating large number of FRAMES in Internet Explorer and mass executing 'telnet://www.microsoft.com:80' requests. I believe this dangerous VBS scripts is known to everyone already (AVP recognizes it as Trojan.VBS.IFram). Well, I believe it is right moment to inform Bugtraq
[...] -- Andreas Marx <amarx () gega-it de>, http://www.av-test.org GEGA IT-Solutions GbR, Klewitzstr. 7, 39112 Magdeburg, Germany Phone: +49 (0)391 6075466, Fax: +49 (0)391 6075469
Current thread:
- Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL] Marek Bialoglowy (May 09)
- Re: Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL] Andreas Marx (May 10)