[<prev] [next>] [day] [month] [year] [list]
Message-ID: <FCAD9F541A8E8A44881527A6792F892C307B3E@owa.eeye.com>
Date: Mon, 12 Jul 2004 15:04:10 -0700
From: "Drew Copley" <dcopley@...e.com>
To: "Polazzo Justin" <Justin.Polazzo@...ilities.gatech.edu>
Cc: <bugtraq@...urityfocus.com>
Subject: RE: MSIE Download Window Filename + Filetype Spoofing Vulnerability
> -----Original Message-----
> From: Polazzo Justin [mailto:Justin.Polazzo@...ilities.gatech.edu]
> Sent: Monday, July 12, 2004 12:22 PM
> To: Drew Copley
> Cc: bugtraq@...urityfocus.com
> Subject: RE: MSIE Download Window Filename + Filetype
> Spoofing Vulnerability
>
> Should you not be able to tile your gui any way you please?
You can title your UI anyway you please.
>
> Someone may be thinking that you could put an image in front
> of the security box in order to trick users into clicking on
> "open" without knowledge. I noticed that you cant click on
> the buttons when the image is in front of them.
>
I haven't checked out the new demo, but it is inconsquential,
you can totally change the contents of the window so that "No"
becomes "yes", or "yes" becomes "no", or whatever else. [By
stating, "Do Not Run This App", for instance, turns the positive
into the negative.]
"Close this window"?
"Yes".
Boom.
There are countless variations on this as you can put in there,
around there, all around anything you want.
It is a pain to make a really good demo, though, this is
why no one has probably messed with it. And, it is likely
too old for the current wave of criminals to get a handle
on it.
Well, not anymore. But, thankfully, Microsoft fixed this in
SP 2. Hopefully everyone else will get this fix in their
IE as well.
> Would you be able to have an insane speed at which the object
> moves over the buttons, or a pulse action to where the image
> would appear to be solid, but would still select "open" when pressed?
Yeah, you can probably flicker it and hide it as well.
Really, the exploitation is for an artist...
>
> jp
>
> -----Original Message-----
> From: Drew Copley [mailto:dcopley@...e.com]
>
Powered by blists - more mailing lists