lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20040514143649.16379.qmail@www.securityfocus.com>
Date: 14 May 2004 14:36:49 -0000
From: Greg Kujawa <greg.kujawa@...mondcellar.com>
To: bugtraq@...urityfocus.com
Subject: Still Vulnerable in MSIE




With the latest vendor AV definitions and all of the Microsoft Security Updates my MSIE 6 application still was vulnerable to some apparent cross-site scripting exploit. I was hit with one of the many Agobot variants when exiting a site detailing some IE vulnerabilities (http://www.hnc3k.com). The site exit led to a series of pop-up and pop-under ads. 

All of these site redirects apparently resulted in a www2.flingstone.com site dropping in a infamous.exe file onto my computer. All the while I saw no prompts to download or execute anything whatsoever. All I did was close the windows that were coming up.

Just an FYI since even the latest updates on all fronts cannot ensure peace of mind.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ