[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <000001c44c2d$d33df9b0$3200000a@alex>
Date: Mon, 07 Jun 2004 03:21:52 +0200
From: Jelmer <jkuperus@...net.nl>
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.netsys.com, peter@...lomatmail.net
Subject: Internet explorer 6 execution of arbitrary code (An analysis of the
180 Solutions Trojan)
Just when I though it was save to once more use internet explorer I received
an email bringing my attention to this webpage
http://216.130.188.219/ei2/installer.htm that according to him used an
exploit that affected fully patched internet explorer 6 browsers. Being
rather skeptical I carelessly clicked on the link only to witness how it
automatically installed addware on my pc!!!
Now there had been reports about 0day exploits making rounds for quite some
time like for instance this post
http://www.securityfocus.com/archive/1/363338/2004-05-11/2004-05-17/0
However I hadn't seen any evidence to support this up until now
Thor Larholm as usual added to the confusion by deliberately spreading
disinformation as seen in this post
http://seclists.org/lists/bugtraq/2004/May/0153.html
Attributing it to and I quote "just one of the remaining IE vulnerabilities
that are not yet patched"
Ive attempted to write up an analysis that will show that there are at
least 2 new and AFAIK unpublished vulnerabilities (feel free to proof me
wrong) out there in the wild, one being fairly sophisticated
You can view it at:
http://62.131.86.111/analysis.htm
Additionally you can view a harmless demonstration of the vulnerabilities at
http://62.131.86.111/security/idiots/repro/installer.htm
Finally I also attached the source files to this message
Download attachment "exploit.zip" of type "application/octet-stream" (1686 bytes)
Powered by blists - more mailing lists