Vulnerability Development mailing list archives
RE: Fwd: Please post this anonymously (without my email-address a nd such)
From: "PIATT, BRET L (PB)" <bp3847 () sbc com>
Date: Thu, 25 Oct 2001 10:13:59 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I do believe its automatic in IE5.5 SP2 and IE6 and has to be disabled through the registry. I recall some information about this from somebody on either this list or Bugtraq in the past month. I can't seem to find the message now, maybe somebody else can? It had a list of registry keys you need to change to disable this. Bret Piatt | Network Security Engineer II | CISSP-CCNP-CCDP SBC DataComm | Advanced Security Services Group | SCNA-RHCE-MCP - -----Original Message----- From: Chris Carey [mailto:chris () sublimespot com] Sent: Wednesday, October 24, 2001 2:48 PM To: vuln-dev () securityfocus com Subject: Re: Fwd: Please post this anonymously (without my email-address and such) After a crash, IE Bug Reporting requires you to click a button to actually send the bug report. I dont believe it is automatic, like John Doe suggested. So I guess from here lets add the 'Spoof the Screen' IE vuln into the mix and trick them into sending the report At this point I dont see this scenario as a threat. Chris - ----- Original Message ----- From: "Mike DeGraw-Bertsch" <mbertsch () radioactivedata org> To: "Blue Boar" <BlueBoar () thievco com> Cc: <vuln-dev () securityfocus com> Sent: Wednesday, October 24, 2001 8:51 AM Subject: Re: Fwd: Please post this anonymously (without my email-address and such)
An interesting thought, though you'd have to get the virus to propogate prior to Outlook crashing. Otherwise you'd have to send a heck of a lot of messages yourself. -Mike On Tue, 23 Oct 2001, Blue Boar wrote:A few of my co-workers and I were just discussing the new error
reporting
functions of Internet Explorer, and we came up with a nasty idea for a
virus
utilizing that function as a method of causing a DoS. The idea is to
write
a virus that propagates through email (nothing new here) and exploits Outlook and Outlook Express to achieve that propagation. This virus
would
essentially cause the autopreview pane of Outlook to open viewing some
type
of HTML/ASP, etc in a way that would cause IE to crash when attempting
to
sort it. At that point, with the more recent releases of IE, there
would be
an automatic initiation of debug data sent to Microsoft, through using
DNS
to resolve. Obvious effects would be a likely DoS on business networks and on Microsoft's debug servers. Other effects could include difficulty in reaching and downloading patches for the vulnerabilities in the
software (if
Microsoft patch servers are utilizing the same WAN link as the debug servers), as well as possible effects upon DNS servers, especially at Microsoft. In addition, as has already been talked about, an enormous amount of private information possibly stored on the debugs would be forwarded as well. I would imagine that this type of virus could also effect other kinds of "bugzilla" services. Just a thought...
-----BEGIN PGP SIGNATURE----- Version: PGP 7.0 iQA/AwUBO9hIHl+IxmqPU329EQKBzwCfc6l4kOAUm9GFXwVsJBDITj0lhTYAn1yq AaQke/iHCyHCPM49/N2PpjMK =CUDB -----END PGP SIGNATURE-----
Current thread:
- RE: Fwd: Please post this anonymously (without my email-address a nd such) PIATT, BRET L (PB) (Oct 25)