lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: rms at computerbytesman.com (Richard M. Smith)
Subject: How often are IE security holes exploited?

Hi Paul,

Thanks for the reply.  Let me try to clarify things a bit.

I'm most interested in security holes related to IE, ActiveX controls,
and the Microsoft JVM.  Basically things that can be exploited from an
HTML Web page or email message.   As you noted, these kinds of security
holes can be exploited from Outlook, Outlook Express, and Windows Media
Player.

Something like Loveletter didn't use any security holes to run.  It's
probably the best example of social engineering being used to get people
to run a virus/worm by clicking on an attached file.

Also does anyone know of an example of a virus or worm that used an IE
security hole that hadn't been seen before?

Richard

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Schmehl,
Paul L
Sent: Thursday, December 12, 2002 5:31 PM
To: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] How often are IE security holes
exploited?


You're going to have to define what you mean by that.  The IE engine is
used in a lot of things.  For example, Outlook Express uses it to
display HTML email.  So, Kak, Klez, Yaha, Braid, Frethem, etc., etc.,
all use weaknesses in IE *in* OE to run.  Just about any VBS virus would
qualify, depending on how you want to define "IE" *(Loveletter,
Bubbleboy, Anna Kournikova, VBS/You-name-it, etc.), JS/Seeker,
JS/Coolsite, etc., etc.  Anything that uses the Windows Scripting Host
and the preview pane could be said to be using IE, because it's the
engine behind the scenes that makes it all possible.

The most common one is "Incorrect MIME Header Can Cause IE to Execute
E-mail Attachment vulnerability (MS01-020)" which is used in a bunch of
viruses/worms - Bugbear, Braid, Shoho, Exploit-MIME.gen, Gop, Yaha,
Klez, Holar, Hobbit, Apix, 

Paul Schmehl (pauls@...allas.edu)
TCS Department Coordinator
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/


> -----Original Message-----
> From: Richard M. Smith [mailto:rms@...puterbytesman.com] 
> Sent: Thursday, December 12, 2002 3:33 PM
> To: full-disclosure@...ts.netsys.com; rms@...puterbytesman.com
> Subject: [Full-Disclosure] How often are IE security holes exploited?
> 
> 
> Hi,
> 
> Has anyone ever looked into how often security holes in 
> Internet Explorer are actually used in viruses, worms, Trojan 
> horses, and other malware?  My sense is that very few of them 
> are actually used in the wild.  The KaK and Klez worms both 
> use IE security holes to do their dirty work, but most other 
> Windows viruses seem to rely on social engineering and 
> standard features of Microsoft products.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ