| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0203A1F683E317458D5F226DAA571333080993@ptle2m04.up.corp.upc> From: ACastigliola at unumprovident.com (Castigliola, Angelo) Subject: RE: new internet explorer exploit (was new worm) >The known ingredient it uses is : >http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-08/1758.htm l >that has gone unpatched for over 5 months now XP service pack 2 Release candidate 1 patches this exploit. Angelo Castigliola III Operations Technical Analyst I UnumProvident IT Services 207.575.3820 -----Original Message----- From: Jelmer [mailto:jkuperus@...net.nl] Sent: Monday, March 29, 2004 9:36 AM To: full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com Subject: new internet explorer exploit (was new worm) The code used by this worm to exploit it's users at least partly is (i think) new , the vulnerability it abused has afaik not been published on eighter bugtraq or full-disclosure. possibly making it (one of?) the first worm to totally catch people offguard. It allows a mallicious person to take any action on an unsuspecting user who view's a specially prepared page's pc The known ingredient it uses is : http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-08/1758.html that has gone unpatched for over 5 months now The remainder of the exploit manages to confuse this same adodb.stream object enough to make it think it's being run from a local location You can protect yourself against it by running http://ip3e83566f.speed.planet.nl/hacked-by-chinese/fix.reg I attached sample code myself to illustrate the problem, because http-equiv's was messy :) This one should be more straightforward to use Instructions : 1. unzip 2. overwrite exploit.exe with the executable you wish to run, or leave it untoched if you want to see some nice texturemapped rotation 3. upload the files to a webserver 4. view exploit.htm Tested on winxp pro all patches for the lazy ones among you can also view a demonstration here : http://ip3e83566f.speed.planet.nl/security/newone/exploit.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3742 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040401/49175da7/smime.bin
Powered by blists - more mailing lists