Full Disclosure mailing list archives

Re: Official IFRAME patch - make sure it installs correctly

From: Raoul Nakhmanson-Kulish <raoul () elforsoft com>
Date: Thu, 02 Dec 2004 19:57:39 +0300

Hello, Berend-Jan Wever!

The IFRAME vulnerability has been patched, see
http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx

Oh! Thanks, God!

Good that nobody has hit upon an idea until now about exploiting this tolaunch self-spreading mail virus without user interaction by puttingiframe into HTML message body: this hole is exploitable even inrestricted zone and millions of OE and Outlook lemmings would be doomed.


Such thought visited me nearly right away when I had known this issue.

--
Best regards,
Raoul Nakhmanson-Kulish
Elfor Soft Ltd.,
ERP Department
http://www.elforsoft.ru/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Official IFRAME patch - make sure it installs correctly Berend-Jan Wever (Dec 01)
- Re: Official IFRAME patch - make sure it installs correctly Kevin (Dec 01)
  - Re: Official IFRAME patch - make sure it installs correctly morning_wood (Dec 02)
- Re: Official IFRAME patch - make sure it installs correctly BillyBob (Dec 02)
  - Re: Official IFRAME patch - make sure it installs correctly daniel uriah clemens (Dec 02)
- Re: Official IFRAME patch - make sure it installs correctly Raoul Nakhmanson-Kulish (Dec 02)
- <Possible follow-ups>
- Re: Official IFRAME patch - make sure it installs correctly Des Ward (Dec 02)
  - Re: Official IFRAME patch - make sure it installs correctly Lionel Ferette (Dec 02)
- RE: Official IFRAME patch - make sure it installs correctly Todd Towles (Dec 02)
  - RE: Official IFRAME patch - make sure it installs correctly Nick FitzGerald (Dec 02)
- Re: Official IFRAME patch - make sure it installs correctly Des Ward (Dec 02)
- RE: Official IFRAME patch - make sure it installs correctly Rivera Alonso, David (Dec 03)