RE: Fwd: Please post this anonymously (without my email-address a nd such)

["PIATT, BRET L (PB)" <bp3847 () sbc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I do believe its automatic in IE5.5 SP2 and IE6 and has to be
disabled through the registry.  I recall some information about this
from somebody on either this list or Bugtraq in the past month.  I
can't seem to find the message now, maybe somebody else can?  It had
a list of registry keys you need to change to disable this.

Bret Piatt   | Network Security Engineer II     | CISSP-CCNP-CCDP
SBC DataComm | Advanced Security Services Group | SCNA-RHCE-MCP 


- -----Original Message-----
From: Chris Carey [mailto:chris () sublimespot com] 
Sent: Wednesday, October 24, 2001 2:48 PM
To: vuln-dev () securityfocus com
Subject: Re: Fwd: Please post this anonymously (without my
email-address and such)


After a crash, IE Bug Reporting requires you to click a button to
actually send the bug report. I dont believe it is automatic, like
John Doe suggested.

So I guess from here lets add the 'Spoof the Screen' IE vuln into the
mix and trick them into sending the report

At this point I dont see this scenario as a threat.

Chris

- ----- Original Message -----
From: "Mike DeGraw-Bertsch" <mbertsch () radioactivedata org>
To: "Blue Boar" <BlueBoar () thievco com>
Cc: <vuln-dev () securityfocus com>
Sent: Wednesday, October 24, 2001 8:51 AM
Subject: Re: Fwd: Please post this anonymously (without my
email-address and
such)


> An interesting thought, though you'd have to get the virus to 
> propogate prior to Outlook crashing.  Otherwise you'd have to send
> a  heck of a lot of messages yourself.
>
>   -Mike
>
> On Tue, 23 Oct 2001, Blue Boar wrote:
>
> > > A few of my co-workers and I were just discussing the new error
reporting
> > > functions of Internet Explorer, and we came up with a nasty
> > > idea  for a
virus
> > > utilizing that function as a method of causing a DoS.  The idea
> > > is  to
write
> > > a virus that propagates through email (nothing new here) and 
> > > exploits Outlook and Outlook Express to achieve that
> > > propagation.   This virus
would
> > > essentially cause the autopreview pane of Outlook to open
> > > viewing  some
type
> > > of HTML/ASP, etc in a way that would cause IE to crash when 
> > > attempting
to
> > > sort it.  At that point, with the more recent releases of IE, 
> > > there
would be
> > > an automatic initiation of debug data sent to Microsoft,
> > > through  using
DNS
> > > to resolve.
> > >
> > > Obvious effects would be a likely DoS on business networks and
> > > on  Microsoft's debug servers.  Other effects could include
> > > difficulty  in reaching and downloading patches for the
> > > vulnerabilities in the 
software (if
> > > Microsoft patch servers are utilizing the same WAN link as the 
> > > debug servers), as well as possible effects upon DNS servers, 
> > > especially at Microsoft.  In addition, as has already been
> > > talked  about, an enormous amount of private information
> > > possibly stored  on the debugs would be forwarded as well.  I
> > > would imagine that  this type of virus could also effect other
> > > kinds of "bugzilla"  services.
> > >
> > > Just a thought...

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBO9hIHl+IxmqPU329EQKBzwCfc6l4kOAUm9GFXwVsJBDITj0lhTYAn1yq
AaQke/iHCyHCPM49/N2PpjMK
=CUDB
-----END PGP SIGNATURE-----