Vulnerability Development mailing list archives
Re: Fwd: Please post this anonymously (without my email-address and such)
From: Thor () HammerofGod com
Date: Thu, 25 Oct 2001 11:53:06 -0700
Nah.. It asks you. As does a crash of Office XP products, like Access 2002.

What would really be interesting is to capture this process, and see how/where it is being posted to MS. I wonder if they have stop-gaps in place to prevent the automated flooding of their data warehouse when reproduced for malicious purposes.

Hmmm. I think I can crash Access pretty readily- I'll do this and post the results if anyone is interested.

AD

----- Original Message -----
From: "PIATT, BRET L (PB)" <bp3847 () sbc com>
To: <vuln-dev () securityfocus com>
Sent: Thursday, October 25, 2001 10:13 AM
Subject: RE: Fwd: Please post this anonymously (without my email-address and such)

I do believe it's automatic in IE5.5 SP2 and IE6 and has to be disabled through the registry. I recall some information about this from somebody on either this list or Bugtraq in the past month. I can't seem to find the message now, maybe somebody else can? It had a list of registry keys you need to change to disable this.

Bret Piatt | Network Security Engineer II | CISSP-CCNP-CCDP
SBC DataComm | Advanced Security Services Group | SCNA-RHCE-MCP

-----Original Message-----
From: Chris Carey [mailto:chris () sublimespot com]
Sent: Wednesday, October 24, 2001 2:48 PM
To: vuln-dev () securityfocus com
Subject: Re: Fwd: Please post this anonymously (without my email-address and such)

After a crash, IE Bug Reporting requires you to click a button to actually send the bug report. I don't believe it is automatic, like John Doe suggested.

So I guess from here let's add the 'Spoof the Screen' IE vuln into the mix and trick them into sending the report.

At this point I don't see this scenario as a threat.

Chris

----- Original Message -----
From: "Mike DeGraw-Bertsch" <mbertsch () radioactivedata org>
To: "Blue Boar" <BlueBoar () thievco com>
Cc: <vuln-dev () securityfocus com>
Sent: Wednesday, October 24, 2001 8:51 AM
Subject: Re: Fwd: Please post this anonymously (without my email-address and such)

An interesting thought, though you'd have to get the virus to propagate prior to Outlook crashing. Otherwise you'd have to send a heck of a lot of messages yourself.

-Mike

On Tue, 23 Oct 2001, Blue Boar wrote:

A few of my co-workers and I were just discussing the new error reporting functions of Internet Explorer, and we came up with a nasty idea for a virus utilizing that function as a method of causing a DoS. The idea is to write a virus that propagates through email (nothing new here) and exploits Outlook and Outlook Express to achieve that propagation.

This virus would essentially cause the autopreview pane of Outlook to open viewing some type of HTML/ASP, etc in a way that would cause IE to crash when attempting to sort it. At that point, with the more recent releases of IE, there would be an automatic initiation of debug data sent to Microsoft, through using DNS to resolve.

Obvious effects would be a likely DoS on business networks and on Microsoft's debug servers. Other effects could include difficulty in reaching and downloading patches for the vulnerabilities in the software (if Microsoft patch servers are utilizing the same WAN link as the debug servers), as well as possible effects upon DNS servers, especially at Microsoft. In addition, as has already been talked about, an enormous amount of private information possibly stored on the debugs would be forwarded as well.

I would imagine that this type of virus could also affect other kinds of "bugzilla" services.

Just a thought...