Vulnerability Development mailing list archives

RE: IE bookmark 'clever' feature not so clever after all


From: "Petruzel, Oliver" <OliverP () aegisresearch com>
Date: Thu, 16 Aug 2001 09:35:57 -0400

 
> Exploiting this would be a "social engineering" exploit, not a bug.
> I guess the more integrated we get the harder it will be to prevent this
> kind of social exploit.


That is simply not accurate. This exploit can harm IE users remotely
through JavaScript coding, plain and simple. If anything, it's a
combination social/logical exploit.

One of the most popular, yet subtle, methods of exploitation is malicious
web content. The key is simply drawing the viewers to the location. The
rest is handled silently by M$ software (in most cases; setting Internet
zone security to High might prevent this or make it much more
difficult/detectable). This could also take place through the wonderful
IE/Outlook relationships, and even more so perhaps in XP. A malicious email
can be sent that, once viewed, simply says "hi", while in the background the
scripting is placing or replacing bookmarks... or:

Examples:
1) Searched and replaced bookmark for yahoo.com or google.com: they are
replaced with commands such as rdisk, or perhaps something else with
user-level privileges instead. The next time the user wishes to search, they are
confused and hacked (cracked... whatever). This is not a social engineered
exploit, it's a logical one.

2) Links in email or web content which say one thing, such as "you have a new
greeting card at www.sweethearts.com", but point to a malicious site
instead (the Favorites change has occurred), which the attacker has crafted to
error out (yet running malicious script quietly in the background) and then
redirect to the real site. This is YOUR combo of social/logical.

3) And just to bring up my favorite subject again, add Raw Socket privileges for
all users to this equation... you do the math. The possibilities then become
endless!

But as you may see, it's not purely social, and can be prevented simply by
disallowing remote privileges to "Favorites" defining.
M$ all too often gives us these wonderful "features" that backfire. I wish
they would just K.I.S.S.

-oliver p.
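As an added defender-side illustration (not part of the original post or thread): a small Python audit that parses Windows Internet Shortcut (.url) files, the format the IE Favorites folder stores bookmarks in, and flags entries that no longer point at a web site but at a local file, a drive path or an unexpected scheme, which is the silent replacement the post describes. The sample shortcut bodies are constructed here; rdisk is the post's own example of a swapped-in target.

```python
from urllib.parse import urlsplit

# Schemes an entry in the IE Favorites folder is expected to use.
ALLOWED_SCHEMES = {"http", "https", "ftp"}

# Constructed sample .url file bodies; rdisk is the target named in the post.
SAMPLE_FAVORITES = {
    "Google.url": "[DEFAULT]\r\nBASEURL=http://www.google.com/\r\n"
                  "[InternetShortcut]\r\nURL=http://www.google.com/\r\n",
    "Yahoo.url": "\ufeff[InternetShortcut]\r\nURL=file:///C:/WINNT/rdisk.exe\r\n",
    "Search.url": "[InternetShortcut]\r\nURL=C:\\WINNT\\rdisk.exe\r\n",
}

def parse_internet_shortcut(text):
    """Return the URL= value from the [InternetShortcut] section, or None."""
    in_section = False
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")  # tolerate a leading BOM
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "internetshortcut"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "url":
                return value.strip()
    return None

def classify_target(url):
    """'ok' for an ordinary web bookmark, otherwise a short reason string."""
    if not url:
        return "no-url"
    scheme = urlsplit(url).scheme.lower()
    if scheme in ALLOWED_SCHEMES:
        return "ok"
    # file: targets, bare paths and drive letters (C:\...) open or run local files
    if scheme in ("", "file") or (len(scheme) == 1 and scheme.isalpha()):
        return "local-target"
    return "unexpected-scheme"

def audit_favorites(files):
    """files: mapping of shortcut name -> file body.
    Returns (name, url, reason) for every entry that is not a plain web link."""
    findings = []
    for name, body in files.items():
        url = parse_internet_shortcut(body)
        reason = classify_target(url)
        if reason != "ok":
            findings.append((name, url, reason))
    return findings
```

On a real machine the same functions would be run over the contents of each .url file under the user's Favorites directory.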
