Vulnerability Development mailing list archives

Re: Bubble Boy Virus Spreading Mechanism

From: Andrew_Leong () EMAIL COM (Andrew Leong)
Date: Wed, 17 May 2000 11:40:53 +0800


Thanks Mr Hecix for forwarding the material. But some questions arise from
it. It is obvious that the script uses the Scriptlet.TypeLib Control from
the ClassID. However, why does it use 2 of them. And why is the one assided
to SoupNazi not used? Is there an error in the script? Or does the other one
use the EyeDog Control? If so then is the ClassID wrong?

Next question, does the Vandelay.Doc = " **INSERT CODE HERE**" mean that the
binary code is attached (like in buffer overflows?). How do we put the code
in? And what happens when Vandelay.Write is executed? Does it create a
temporary file with the code written into it? Then when Windoz reboots, does
it auto-run it due to the Update.HTA file? Or is the code written into
Update.HTA?

Comments anyone?

Thanks.

Andrew Leong
____________________________________________________________________________

Public Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x1BFF3601

PGP Key Fingerprint = 92F8 EF74 19A3 EEC6 6B83  9D83 A61B 20C5 1BFF 3601
____________________________________________________________________________

Current thread:

Re: Bubble Boy Virus Spreading Mechanism Maxime Rousseau (May 15)
- <Possible follow-ups>
- Re: Bubble Boy Virus Spreading Mechanism Mr Hecix (May 16)
- Re: Bubble Boy Virus Spreading Mechanism Mr Hecix (May 16)
- Re: Bubble Boy Virus Spreading Mechanism Andrew Leong (May 16)
  - Re: Bubble Boy Virus Spreading Mechanism Masial (May 16)
- Re: Bubble Boy Virus Spreading Mechanism . Hecix (May 17)