lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <8B32EDC90D8F4E4AB40918883281874D273CB7@pivxwin2k1.secnet.pivx.com>
From: tlarholm at pivx.com (tlarholm@...x.com)
Subject: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV

Clear of FUD: The threat is the same as before, one of the subcomponents
of existing exploits just has a new approach.


Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor@...x.com
949-231-8496

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net> 

-----Original Message-----
From: John Bisley [mailto:bisley110@...oo.co.uk] 
Sent: Monday, January 05, 2004 3:15 AM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Self-Executing HTML: Internet Explorer
5.5 and 6.0 Part IV


Hi All
Can anyone out there clear the FUD and speak to the less Web Savvy (like
me) - I set up up a quarantine system (although still with Internet
connectivity) to run the exe-cute-html but this didn't 'appear' to do
anything other than display the "JUNKWARE" text.
i.e. I downloaded the zip and extracted the html and then I
double-clicked on the html file so that IE(5.5) would run it.
So I presume it would be running the html from the MyComputer zone - but
I didn't get a dialog box or anything.
I'm mostly interested in whether this is a big risk to the company. I'm
willing to believe that users can be fooled into downloading html and
opening it locally (e.g. if they think that they are downloading a
useful report), but then, they can probably be fooled into downloading
an exe and running it... So am I simply looking at continued Security
Awareness briefings (or more draconian download restrictions) or is
there a greater exposure that I'm missing. 
I may have missed earlier parts of this thread so I hope I'm not going
over old ground.
Regards
Bis
> From: "morning_wood" <se_cur_ity@...mail.com>
> To: <full-disclosure@...ts.netsys.com>
> Subject: Re: [Full-Disclosure] Self-Executing HTML: Internet Explorer
5.5 and 6.0 Part IV
> Date: Fri, 2 Jan 2004 11:56:29 -0800
> 
> > On Thu, 1 Jan 2004 22:41:35 -0000 "http-equiv@...ite.com" wrote:
> > [snip]
> > > Fully self-contained harmless *.exe:
> > >
> > > http://www.malware.com/exe-cute-html.zip
> > [snip]
> >
> > This doesn't look like self-executing HTML - anyway.
> >
> 
> Gives dialog box to open or save a "blabla.hta" and no, it 
> does not self-execute
> even under
> low security settings. try again Jelmer?
> 
> 
> 


Yahoo! Messenger - Communicate instantly..."Ping" your friends today!
Download Messenger Now


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ