Full Disclosure mailing list archives
Re: new internet explorer exploit (was new worm)
From: "- -" <erwinp21 () hotmail com>
Date: Tue, 30 Mar 2004 14:16:37 +0000
Drew Coply wrote:
Yeah. It is a zero day worm, and it is very notable as such.
I can not recall a previous zero day worm. (AV is not my job, but I do try and follow zero day.)
Hence, IE has birthed us the first zero day worm.
On one hand this worm exploits unpatched vulnerabilities, but on the other hand these vulnerabilities were already known for some time, as shown in the references below.
http://archives.neohapsis.com/archives/bugtraq/2003-12/0337.html http://archives.neohapsis.com/archives/bugtraq/2003-11/0307.htmlMS attempted to patch one of them, but as we all know they failed doing it properly. Still I think this "worm" is nothing to get to exciting about, it is nothing more than two known vulnerabilites combined. While I think MS should patch those vulnerabilities a.s.a.p, the word 0-day is a bit to strong for this "worm".
Thor Larholm wrote:
K-OTiK posted about this in http://www.securityfocus.com/archive/1/354447 and we posted details of the Ibiza CHM exploit a few weeks before then on the Unpatched mailing list ( http://unpatched.pivxlabs.com ).I assume you mean the brief analyses you posted earlier to the unpatched mailing list? (sorry, no reference since the unpatched mail archive is currently down) Have you discovered any new noteworthy information about the Bizex worm, since you were still researching the impact of the worm when you send that earlier message to the list?
Regards, Erwin _________________________________________________________________Free up your inbox with MSN Hotmail Extra Storage. Multiple plans available. http://join.msn.com/?pgmarket=en-us&page=hotmail/es2&ST=1/go/onm00200362ave/direct/01/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Addressing Cisco Security Issues, (continued)
- Re: Addressing Cisco Security Issues neal rauhauser (Mar 29)
- AW: new internet explorer exploit (was new worm) Ron Stiemer (Mar 29)
- Message not available
- Re: new internet explorer exploit (was new worm) Nick FitzGerald (Mar 30)
- RE: new internet explorer exploit (was new worm) Drew Copley (Mar 29)
- Re: new internet explorer exploit (was new worm) Berend-Jan Wever (Mar 29)
- Re: RE: new internet explorer exploit (was new worm) Valdis . Kletnieks (Mar 29)
- RE: [inbox] Re: RE: new internet explorer exploit (was new worm) Exibar (Mar 29)
- RE: new internet explorer exploit (was new worm) Thor Larholm (Mar 29)
- Re: RE: new internet explorer exploit (was new worm) Tim (Mar 29)
- Re: new internet explorer exploit (was new worm) Jelmer (Mar 30)
- Re: new internet explorer exploit (was new worm) - - (Mar 30)
- RE: new internet explorer exploit (was new worm) Drew Copley (Mar 30)