Message-ID: <8B32EDC90D8F4E4AB40918883281874D03EC2E@pivxwin2k1.secnet.pivx.com>
From: thor at pivx.com (Thor Larholm)
Subject: FW: [Fwd: Re: AIM Password theft]

Mark,
 
You are correct, I should not have replied to Mark when I had not yet had my morning coffee. The dynamic rendering of OBJECT elements still triggers the HTA functionality exposed in Windows. Personally, though, I see this as an unrelated vulnerability regarding static/dynamic code rendering which has a greater impact than just allowing HTA code to execute.
 
Both GM#001 and thePulls POC, which malware cites, are one and the same issue instead of two separate ones; they both trigger the dynamic rendering of HTML instead of the static - GM#001 just does this without requiring scripting.
 
 
Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
http://www.pivx.com/larholm/unpatched - Unpatched IE vulnerabilities

	-----Original Message----- 
	From: Bassett, Mark [mailto:mbassett@...ha.com] 
	Sent: Wed 9/24/2003 7:57 AM 
	To: Thor Larholm; NTBugtraq; full-disclosure@...ts.netsys.com; list@...ield.org 
	Cc: 
	Subject: RE: [Full-Disclosure] FW: [Fwd: Re: AIM Password theft]
	

	Actually the MS03-032 patch doesn't stop the object data vulnerability.
	
	
	Check it here... http://www.secunia.com/MS03-032/
	I am patched with MS03-032 ( Q822925 ) but am still vulnerable.
	
	Possibly the particular version at haxr.org is the exploit that the patch
	fixes but if it is, it could easily be modified to the vuln that still
	works.  Only way to really stop it is kill your activex scripting for
	untrusted sites.
	
	

