Vulnerability Development mailing list archives

Re: Outlook/HTML "proggie"


From: Dan_Schrader () TRENDMICRO COM (Dan Schrader)
Date: Mon, 5 Jun 2000 11:05:10 -0700


It is worth noting that VBS.kakworm (details:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_KAKWORM.A-M),
an embedded script virus similar to BubbleBoy, is the most common
virus in the world today.

For virus prevalence stats: http://wtc.trendmicro.com/wtc - change setting
to show infected computers.

This despite the fact that Microsoft patched the security hole this uses
last August.

-----Original Message-----
From: Joerg Weber [SMTP:joerg () FS IS UNI-SB DE]
Sent: Friday, June 02, 2000 7:24 AM
To:   VULN-DEV () SECURITYFOCUS COM
Subject:      AW: Outlook/HTML "proggie"

Hi everyone,

as I started the initial thread with a question I'd like to comment on the
results thus far:
I was concerned that the use of Outlook at my company is a security risk. A
bigger one than I knew it is, that is :) So, I wanted to figure out whether
someone can screw my users over with an embedded HTML script which executes
just by viewing. I concluded that while you can do that, the right security
settings in Outlook prevent the execution of scripts just nicely. Executing
an attachment is a different story, but then that's not limited to scripts,
anyways.
Conclusion: No one could produce a script that'd run properly or without a
warning in my Outlook 2k. That's fine and makes me sleep better.
BTW, ClassID 06290BD5-48AA-11D2-8432-006008C3FBFC is the exact same class as
BubbleBoy used some time ago. Nothing new here, and not at all working if
your security settings are correct.
Greets,
    Joerg

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM] On Behalf Of
methodman
Sent: Thursday, June 1, 2000 22:33
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: Outlook/HTML "proggie"


well...
since everybody is so interested in what the SCR object is, i'm going to
tell you...
it is an activex control with the classID:
06290BD5-48AA-11D2-8432-006008C3FBFC ,
its name is actually SCRiptlet.typlib (that's why i gave it the id SCR).
WSH has the classID
F935DC22-1CF0-11D0-ADB9-00C04FD58A0B and is called "Windows Scripting Host
Shell Object",
(Wscript.SHell - therefore i gave it the id WSH).
about badblood... i didn't even hear about it until Thierry said it exists,
same goes for the code written by Exxtreme.
about the source code... if you are reading this through outlook check
"thisreallyworks.txt" on your desktop :)).
-- this only works if the security level is not set to "restricted sites
zone"



[ methodman ]
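
For defenders who want to check stored or incoming mail for the two controls named in this thread, here is an added example; it is not part of the original posts. It walks a message's text/html parts, undoes the transfer encoding, and reports `<object>` tags whose classid matches either CLSID quoted above. The function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.mime.text import MIMEText
from html.parser import HTMLParser

# CLSIDs quoted in the thread, labelled the way the posters describe them.
WATCHED = {
    "06290BD5-48AA-11D2-8432-006008C3FBFC": "scriptlet typelib control (same class BubbleBoy used)",
    "F935DC22-1CF0-11D0-ADB9-00C04FD58A0B": "Windows Scripting Host Shell Object",
}
CLSID_RE = re.compile(r"\s*clsid:\s*\{?([0-9a-f-]{36})\}?\s*", re.I)

class ObjectFinder(HTMLParser):
    """Collects watched CLSIDs from <object classid=...> tags."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "object":
            return
        m = CLSID_RE.fullmatch(dict(attrs).get("classid") or "")
        if m and m.group(1).upper() in WATCHED:
            self.hits.append(m.group(1).upper())

def scan_message(raw):
    """Return (clsid, label) for each watched control in the text/html parts."""
    hits = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() != "text/html":
            continue
        # decode=True undoes base64 / quoted-printable transfer encoding.
        body = part.get_payload(decode=True) or b""
        finder = ObjectFinder()
        finder.feed(body.decode(part.get_content_charset() or "latin-1", errors="replace"))
        finder.close()
        hits.extend(finder.hits)
    return [(c, WATCHED[c]) for c in hits]

def build_sample(html):
    """Constructed test message; the utf-8 charset makes the body base64."""
    msg = MIMEText(html, "html", "utf-8")
    msg["Subject"] = "constructed sample"
    return msg.as_string()

if __name__ == "__main__":
    sample = build_sample('<object id=SCR classid="clsid:06290bd5-48aa-11d2-8432-006008c3fbfc"></object>')
    for clsid, label in scan_message(sample):
        print(clsid, label)
```

Because the body is decoded before parsing, a base64 or quoted-printable HTML part is inspected the same way as a plain one, which a raw text search over the message file would miss.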

