Date: Mon, 29 Mar 2004 11:15:18 -0800
From: Void <void@...t.net>
To: Jelmer <jkuperus@...net.nl>, full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com
Subject: Re: new internet explorer exploit (was new worm)

Just wanted to add that Norton Anti-Virus 2004 will detect this exploit and pop up a warning, but also fails to halt its execution or protect the user in any way.

Here is what it thinks it is:
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.6.html

So there is some measure of warning, but no real protection.

At 04:35 PM 3/29/2004 +0200, Jelmer wrote:
>The code used by this worm to exploit its users at least partly is (I
>think) new, the vulnerability it abused has afaik not been published on
>either bugtraq or full-disclosure. Possibly making it (one of?) the first
>worm to totally catch people off guard.
>
>It allows a malicious person to take any action on an unsuspecting user who
>views a specially prepared page's pc
>
>The known ingredient it uses is:
>http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-08/1758.html
>that has gone unpatched for over 5 months now
>
>The remainder of the exploit manages to confuse this same adodb.stream
>object enough to make it think it's being run from a local location
>
>You can protect yourself against it by running
>http://ip3e83566f.speed.planet.nl/hacked-by-chinese/fix.reg
>
>
>I attached sample code myself to illustrate the problem, because
>http-equiv's was messy :)
>This one should be more straightforward to use
>
>Instructions:
>
>1. unzip
>2. overwrite exploit.exe with the executable you wish to run, or leave it
>untouched if you want to see some nice texturemapped rotation
>3. upload the files to a webserver
>4. view exploit.htm
>
>Tested on winxp pro all patches
>
>for the lazy ones among you can also view a demonstration here:
>
>http://ip3e83566f.speed.planet.nl/security/newone/exploit.htm