Full Disclosure mailing list archives
WinXP SP2 comments (was: Internet explorer 6 execution of arbitrary code)
From: "Chris Carlson" <chris () compucounts com>
Date: Mon, 7 Jun 2004 00:11:22 -0400
No complaints from me. While the new "security center" complains about how I don't have a firewall or antivirus installed (it doesn't detect either), the better security more than makes up for this minor annoyance - I no longer need to worry about where I go because the simple yet absolute 'no popups' and 'no software installations' security settings lock IE down so well. A note about the security center- I *think* it can be disabled by editing the %systemroot%\inf\sysoc.inf file to show the entry for it in add/remove windows components. I've tried to do this, but it either does not have immediate results, or does not work. I havn't done any real research on it because of a lack of time (or perhaps patience), but would like to know how to get rid of this if anyone knows. I think VirtualPC and SP2 have problems coexisting, since VirtualPC has never worked properly for me (host BSOD when starting a VM or VM BSOD while installing; comments?), but that aside I've seen no apparent problems- instability, memory management or otherwise. After attempting to uninstall SP2 (beta, not RC1 - all other comments are regarding RC1), many windows components claimed I was still running SP2, while others claimed SP1. I think this may have caused some problems when attempting to install a second (very old) video adapter (BSOD, lockups, etc), but there's no way to be sure of it. It appears to just be a quark in the installer. /c
-----Original Message----- From: Jelmer [mailto:jkuperus () planet nl] Sent: Sunday, June 06, 2004 22:17 To: Chris Carlson Cc: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan) I haven't installed SP2 yet since I heard a lot of complaints from people who claimed it caused instability, it had memory management issues, some drivers didn't work, security measures a bit too much in your face etc But I reviewed the list of changes sometime back and I concur, it looks very promising, I think in the near future an IE exploit will be a rare occurrence as opposed to a bi weekly event -----Original Message----- From: Chris Carlson [mailto:chris () compucounts com] Sent: maandag 7 juni 2004 4:06 To: Jelmer Cc: full-disclosure () lists netsys com; bugtraq () securityfocus com Subject: RE: [Full-disclosure] Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan) When run remotely: Line: 1 Char: 1 Error: Access is denied. Code: 0 URL: http://62.131.86.111/security/idiots/repro/installer.htm When run locally, software installation is blocked. Using IE 6.0.2900.2096 SP2, WinXP SP2 I've gotta say that SP2 has some VERY nice protection builtin. On the downside, I still havn't figured out how to turn it off ;)-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Jelmer Sent: Sunday, June 06, 2004 21:22 To: bugtraq () securityfocus com Cc: full-disclosure () lists netsys com; peter () diplomatmail net Subject: [Full-disclosure] Internet explorer 6 execution ofarbitrarycode (An analysis of the 180 Solutions Trojan) Just when I though it was save to once more use internet explorer I received an email bringing my attention to this webpage http://216.130.188.219/ei2/installer.htm that accordingto him usedan exploit that affected fully patched internet explorer 6browsers.Being rather skeptical I carelessly clicked on the link only to witness how it automatically installed addware on my pc!!! Now there had been reports about 0day exploits makingrounds for quitesome time like for instance this posthttp://www.securityfocus.com/archive/1/363338/2004-05-11/2004-05-17/0However I hadn't seen any evidence to support this up untilnow ThorLarholm as usual added to the confusion by deliberately spreading disinformation as seen in this post http://seclists.org/lists/bugtraq/2004/May/0153.html Attributing it to and I quote "just one of the remaining IE vulnerabilities that are not yet patched" I've attempted to write up an analysis that will show thatthere areat least 2 new and AFAIK unpublished vulnerabilities (feel free to proof me wrong) out there in the wild, one being fairly sophisticated You can view it at: http://62.131.86.111/analysis.htm Additionally you can view a harmless demonstration of the vulnerabilities at http://62.131.86.111/security/idiots/repro/installer.htm Finally I also attached the source files to this message
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- WinXP SP2 comments (was: Internet explorer 6 execution of arbitrary code) Chris Carlson (Jun 06)
- RE: WinXP SP2 comments (was: Internet explorer 6 execution of arbitrary code) Poof (Jun 06)
- RE: WinXP SP2 comments (was: Internet explorer 6 execution of arbitrary code) Yaakov Yehudi (Jun 07)
- RE: WinXP SP2 comments (was: Internet explorer 6 execution of arbitrary code) Scott Phelps (Jun 07)
- Re: WinXP SP2 comments (was: Internet explorer 6 execution of arbitrary code) Nils Ketelsen (Jun 07)
- RE: WinXP SP2 comments (was: Internet explorer 6 execution of arbitrary code) Poof (Jun 06)