lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <43F08243.4060304@linuxbox.org>
Date: Mon, 13 Feb 2006 14:57:39 +0200
From: Gadi Evron <ge@...uxbox.org>
To: bugtraq@...urityfocus.com,
	"full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Internet Explorer drag&drop 0day


Matthew Murphy has just disclosed a vulnerability in Internet Explorer.

He will send his advisory later today, but as he is unable to right now, 
he asked me to email this for him.
[I didn't want to email the advisory itself as ALL CREDIT BELONGS TO HIM 
and I didn't want to take the credit away from him in any way. This is 
100% his work and his disclosure]

Microsoft decided to patch this only next year with SP3. As by now 6 
mounths passed since Microsoft was contacted, Matthew alerted them ahead 
of time he will make a public release on the 13th (today).

There have been several attempts to help Matthew and talk to Microsoft 
(including by me, as well as several others) and convince them this is 
indeed “bullet-in worthy” to avoid this public release.

This is not a critical vulnerability, as it requires user interaction. 
However, it is serious and shouldn’t be down-played.

Here are some interesting ways to exploit this using social engineering:
Scroll-bar, “smack the monkey”, moving naked girl (move mouse to make 
me...), web game, shopping list/wish list, “calibrate your mouse”, etc.

The advisory (and suggested work-around) can be found here:
http://www.securiteam.com/windowsntfocus/5MP0B0UHPA.html

In my opinion, this comes to prove 0days are USUALLY a "myth" (WMF being 
a good example of a real 0day), as this particular vulnerability has 
been known to me and some others for some time now awaiting public release.
Does anyone still think bad guys don't exploit (to whatever goals) a 
0day if it is out there?

	Gadi.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ