full-disclosure - Official IFRAME patch - make sure it installs correctly

lists.openwall.net		lists / announce john-users owl-users popa3d-users / xvendor oss-security / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4
Open Source and information security mailing list archives

Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide

[<prev] [next>] [<thread-prev] [month] [year] [list]

From: raoul at elforsoft.com (Raoul Nakhmanson-Kulish)
Subject: Official IFRAME patch - make sure it installs
 correctly

Hello, Berend-Jan Wever!

> The IFRAME vulnerability has been patched, see
> http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
Oh! Thanks, God!

Good that nobody has hit upon an idea until now about exploiting this to 
launch self-spreading mail virus without user interaction by putting 
iframe into HTML message body: this hole is exploitable even in 
restricted zone and millions of OE and Outlook lemmings would be doomed.

Such thought visited me nearly right away when I had known this issue.

-- 
Best regards,
Raoul Nakhmanson-Kulish
Elfor Soft Ltd.,
ERP Department
http://www.elforsoft.ru/