Full Disclosure mailing list archives
RE: IE exploit going around on irc
From: "Thor Larholm" <thor () pivx com>
Date: Tue, 6 Apr 2004 10:36:30 -0700
The MS03-032 Object Data vulnerability dealt with improper handling of HTA mime-types. What Niek forwarded is using the Ibiza CHM exploit that deals with improper privileges gained through the ms-its/ms-itss URL protocol handlers which is still unpatched. Roozbeh Afrasiabi on this and others: http://www.securityfocus.com/archive/1/358913/2004-03-26/2004-04-01/0 Drew Copley: http://www.securityfocus.com/archive/1/358914/2004-03-26/2004-04-01/0 My post in February: http://www.securityfocus.com/archive/1/355149/2004-02-24/2004-03-01/0 Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor () pivx com Phone: +1 (949) 231-8496 PGP: 0x5A276569 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net> -----Original Message----- From: David Jacoby [mailto:bugtraq () pewp hack se] Sent: Monday, April 05, 2004 11:38 PM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] IE exploit going around on irc I just found this information: http://securityresponse.symantec.com/avcenter/venc/data/download.tagdoor .html "Download.Tagdoor is a group of Trojan horses that exploit the Internet Explorer Object Tag Vulnerability. (This is described in Microsoft Security Bulletin MS03-032. )" ((pewp)) On Mon, 2004-04-05 at 19:52, Niek Baakman wrote:
Hi list, this thing's been going around on irc the last few days: www.divx.dc-hub.com (IE users don't click it!) check source: <iframe src='loi.htm' width=0 height=0></iframe> loi.htm contains: <object
data="ms-its:mhtml:file://C:\winhelp.mht!${PATH}/LOI.CHM::/loi.htm"
type="text/x-scriptlet"></object> LOI.CHM is attached Regards, Niek Baakman
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- IE exploit going around on irc Niek Baakman (Apr 05)
- Re: IE exploit going around on irc François Harvey (Apr 05)
- Re: IE exploit going around on irc David Jacoby (Apr 06)
- <Possible follow-ups>
- Re: IE exploit going around on irc http-equiv () excite com (Apr 05)
- IE exploit going around on irc Feher Tamas (Apr 06)
- RE: IE exploit going around on irc Thor Larholm (Apr 06)
- Re: IE exploit going around on irc Jelmer (Apr 06)
- Re: IE exploit going around on irc http-equiv () excite com (Apr 06)
- RE: IE exploit going around on irc Thor Larholm (Apr 06)
- Re: IE exploit going around on irc Jelmer (Apr 06)
- Re: IE exploit going around on irc Lise Moorveld (Apr 07)