Full Disclosure mailing list archives
Re: ADODB.Stream object
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 28 Aug 2003 00:02:43 +1200
jelmer <jkuperus () planet nl> to me: <<snip explanation of 3rd-party app dragging HTML content across the "security zone barrier" unhindered>>
I know this thought also crossed my mind. I also received some mail-borne viruses which used a similar scheme, but one may argue that had the zip file contained a .vbs or .exe file, people would have opened it as well.
Sure, but there have been a few other self-mailing viruses that have distributed themselves via .ZIP file attachments, and the relative success of Mimail in particular seems in no small part attributable to the fact that "your average punter" is exceedingly unlikely to consider an HTML file to be "suspicious" _in any context_.

This observation of the expected -- "predictable" even -- failing of the human component in the "security chain" is what makes security vulnerabilities, such as this latest one Jelmer has pointed out, much more dangerous than the typical "Mitigating factors" BS in MS Security Bulletins would have you believe.

For those who haven't already realized, nearly everything listed as "Mitigating factors" in MS Security Bulletins related to HTML parsing/security zone/etc. flaws in IE/OE/OL is, in fact, a simple pointer to easy things any half-clever black-hat can obviously use to exploit the stupidity of several hundred million "typical Windows users", and usually most or all of these approaches will already have been outrageously successful (with other similar vulnerabilities) in two, three or more existing self-mailing viruses.

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html