Vulnerability Development mailing list archives
FW: Re: not confirmed but i wonder what this would do
From: itm () itmo dyndns org
Date: Sat, 29 Dec 2001 21:33:23 +0200 (EET)
forwarding his to vuln-dev like i was told.
I havent tested this but i wonder if this could be used as a DoS attack: 1.embed a string to a cookie which matches with some virus string (like that example virus-detector string, cant remember its name) 2.browser usually saves the cookie straight into a file 3.anti-virus program finds out that there is a virus in the file since it matches the string, and quarantines /deletes the file and pops up a dialog 4. what then? IE dies since it cant access the cookie file? user is very confused? browsing is halted atleast? will the antivirus program intercept the attack from the http response already or will it get into the file and cause this effect? what can you do to prevent stuff like this? naturally disable cookies or not browse the site but.. gotta test this but now i havent got the time. Markus Mikkolainen
Current thread:
- FW: Re: not confirmed but i wonder what this would do itm (Dec 29)