lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: pachiderme at gmail.com (pachiderme pachiderme) Subject: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) I just read this news about the first implementation : F-Secure Virus Descriptions : MyDoom.AG This Mydoom variant is considerably different from previous Mydooms. In fact, it might not be a variant at all, but a totally new virus family. It does spread over email, like Mydooms normally do. However, this new variant do not send attachments at all; instead they send emails with links to a website. There are several different emails. Interestingly, the link points to a website which is actually running on the infected machine that sent the email in the first place. The worm accomplishes this by installing a small web server on port 1639 on each infected machine. This technique is a bit similar to what for example Blaster worm does to transfer itself to each infected machine; instead of using a central download server it turns each infected machine to one. Even more interestingly, the web page uses a brand new IFRAME vulnerability in Internet Explorer to infect the computer. There's no patch for Windows 2000 or XP SP1 yet. Windows XP SP2 is not vulnerable
Powered by blists - more mailing lists