Bugtraq mailing list archives
RE: new internet explorer exploit (was new worm)
From: "Thor Larholm" <thor () pivx com>
Date: Mon, 29 Mar 2004 14:12:32 -0800
Drew Copley already mentioned how this is the CHM exploit that the Ibiza exploit relied on. K-OTiK posted about this in http://www.securityfocus.com/archive/1/354447 and we posted details of the Ibiza CHM exploit a few weeks before then on the Unpatched mailing list ( http://unpatched.pivxlabs.com ). The Bizex worm also used Unpatched IE vulnerabilities as was detailed in http://www.securityfocus.com/archive/1/355149/2004-02-24/2004-03-01/0 Implementing proactive security measures such as locking down the My Computer zone prevents this from having an effect. Both of these issues were mitigated against months in advance with Qwik-Fix, which has just been released as Qwik-Fix Pro at the Gartner Symposium/Itxpo 2004 . http://www.pivx.com/press_releases/qwikfixpro_gartner.html Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor () pivx com Phone: +1 (949) 231-8496 PGP: 0x5A276569 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net> -----Original Message----- From: Void [mailto:void () sect net] Sent: Monday, March 29, 2004 11:15 AM To: Jelmer; full-disclosure () lists netsys com; bugtraq () securityfocus com Subject: Re: new internet explorer exploit (was new worm) Just wanted to add that Norton Anti-Virus 2004 will detect this exploit and pop up a warning, but also fails to halt its execution or protect the user in any way. Here is what it thinks it is: http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.explo it.6.html So there is some measure of warning, but no real protection.
Current thread:
- new internet explorer exploit (was new worm) Jelmer (Mar 29)
- Addressing Cisco Security Issues Geo. (Mar 29)
- Re: Addressing Cisco Security Issues Jason Dodson (Mar 29)
- Re: Addressing Cisco Security Issues Clayton Kossmeyer (Mar 30)
- Re: new internet explorer exploit (was new worm) Void (Mar 29)
- Re: new internet explorer exploit (was new worm) Jelmer (Mar 30)
- Re: new internet explorer exploit (was new worm) Nick FitzGerald (Mar 30)
- <Possible follow-ups>
- RE: new internet explorer exploit (was new worm) Drew Copley (Mar 29)
- Re: new internet explorer exploit (was new worm) Berend-Jan Wever (Mar 30)
- RE: new internet explorer exploit (was new worm) Thor Larholm (Mar 30)
- Addressing Cisco Security Issues Geo. (Mar 29)