| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <005601c4159b$1ca42490$3200000a@alex>
Date: Mon, 29 Mar 2004 16:35:41 +0200
From: Jelmer <jkuperus@...net.nl>
To: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com
Subject: new internet explorer exploit (was new worm)
The code used by this worm to exploit it's users at least partly is (i
think) new , the vulnerability it abused has afaik not been published on
eighter bugtraq or full-disclosure. possibly making it (one of?) the first
worm to totally catch people offguard.
It allows a mallicious person to take any action on an unsuspecting user who
view's a specially prepared page's pc
The known ingredient it uses is :
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-08/1758.html
that has gone unpatched for over 5 months now
The remainder of the exploit manages to confuse this same adodb.stream
object enough to make it think it's being run from a local location
You can protect yourself against it by running
http://ip3e83566f.speed.planet.nl/hacked-by-chinese/fix.reg
I attached sample code myself to illustrate the problem, because
http-equiv's was messy :)
This one should be more straightforward to use
Instructions :
1. unzip
2. overwrite exploit.exe with the executable you wish to run, or leave it
untoched if you want to see some nice texturemapped rotation
3. upload the files to a webserver
4. view exploit.htm
Tested on winxp pro all patches
for the lazy ones among you can also view a demonstration here :
http://ip3e83566f.speed.planet.nl/security/newone/exploit.htm
Download attachment "final.zip" of type "application/octet-stream" (12640 bytes)
Powered by blists - more mailing lists