Vulnerability Development mailing list archives

Re: UPDATE on possible new "e-mail virus" concept ?


From: 11a () GMX NET (Bluefish)
Date: Sun, 21 May 2000 00:41:10 +0200


This is nothing new.
It's been done before.  And exploited before.  And Microsoft fixed the
hole.  Cache directories for IE are now randomly named.  That's why a
"dir /ad c:\windows\tempor~1\content.ie5" on my system returns:

But, does that *really* mean it isn't exploitable?
Looking at how Netscape handles the same issue, each directory
listing corresponds to an automatically created "page". If e.g. JavaScript
or VBScript is set up to parse this, you could wander through the
directory structure.

No expert on what these scripts can and can't do, but I'd say it
complicates a name-guessing attack somewhat, but doesn't stop it.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

