Vulnerability Development mailing list archives

Re: Outlook HTML VBS (demo)


From: mrousseau () SECURED ORG (Masial)
Date: Mon, 22 May 2000 12:39:18 -0400


This is a problem with my S/MIME signature. I was testing some stuff about
it but that email wasn't supposed to go out signed... this is a totally
separate issue but interesting nonetheless.

On the other hand... the signature should be valid, maybe there is an issue
with signing content that is 'dynamic'?

BB also asks what could you possibly do with this kind of thing. There are
quite a lot of possibilities, you could try and exploit a vulnerable ActiveX
on the system, or have it re-install an old vulnerable version and then
exploit it. This is all pretty much speculation but I recall that Microsoft
signed software can be silently installed on computers (thanks MS!). This
can be used in conjunction with the latest ActiveX object vulnerabilities
(remember my BubbleBoy interest?).

My guess is, given a couple of coding hours, one could craft a virus smart
enough to install itself deep into the system via a couple of tricks that
could be harmless when not used together. I'm not too hot about doing one at
the moment given the recent ILY and NLove issues, the (clueless?) FBI might
just come at me too, heh.

It would be prudent to take measures if the message box did pop on your
system.

M.
Secured Industries
Why fear the unknown?
22E2 812A 50AA DC3B 107D 60E2 9998 959E 10E3 6031

-----Original Message-----
From: Michael Hendy
Sent: Sunday, May 21, 2000 9:14 PM
Subject: Re: Outlook HTML VBS (demo)


Masial,

I don't know what it was that you sent because, when I tried to open up your
email I got the following, never before seen Outlook alert message:

      "Can't open this item.  Your key set can not be found by the underlying
      security system."

Does anyone know what it means?

