Message-ID: <000001c44c2d$d33df9b0$3200000a@alex>
Date: Mon, 07 Jun 2004 03:21:52 +0200
From: Jelmer <jkuperus@...net.nl>
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.netsys.com, peter@...lomatmail.net
Subject: Internet explorer 6 execution of arbitrary code (An analysis of the
 180 Solutions Trojan)

Just when I thought it was safe to once more use Internet Explorer, I received
an email bringing my attention to this webpage
http://216.130.188.219/ei2/installer.htm   that according to him used an
exploit that affected fully patched Internet Explorer 6 browsers. Being
rather skeptical, I carelessly clicked on the link only to witness how it
automatically installed adware on my PC!!!
 
Now there had been reports about 0day exploits making the rounds for quite some
time, like for instance this post
 
http://www.securityfocus.com/archive/1/363338/2004-05-11/2004-05-17/0 
 
However, I hadn't seen any evidence to support this up until now.
Thor Larholm as usual added to the confusion by deliberately spreading
disinformation, as seen in this post
 
http://seclists.org/lists/bugtraq/2004/May/0153.html
 
Attributing it to, and I quote, "just one of the remaining IE vulnerabilities
that are not yet patched"

I've attempted to write up an analysis that will show that there are at
least 2 new and AFAIK unpublished vulnerabilities (feel free to prove me
wrong) out there in the wild, one being fairly sophisticated.

You can view it at:

http://62.131.86.111/analysis.htm

Additionally you can view a harmless demonstration of the vulnerabilities at

http://62.131.86.111/security/idiots/repro/installer.htm

Finally, I also attached the source files to this message.

Download attachment "exploit.zip" of type "application/octet-stream" (1686 bytes)
