[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <039401c41c2a$7f4f63d0$3200000a@alex>
From: jkuperus at planet.nl (Jelmer)
Subject: IE exploit going around on irc
> I'm sorry, I thought you were already aware of the text/x-scriptlet
> object variation of Ibiza which was exploited in the wild before Ibiza
> was even discussed on Bugtraq - I assumed you would catch my reference
> to this. Either way, this is still the ms-its/ms-itss CHM issue
> regardless of how you trigger it.
>
> My bad, I will elaborate further in the future so we can avoid
> discussing semantics.
Indeed I was not when and infact nobody I know was, when did you first
observe it? Have you got any references to where it was discussed? I tried
looking at http://pivxlabs.com/mailman/listinfo/unpatched_pivxlabs.com but
the archives have been down for many many days now. I am just trying to
establish some sort of timeline
And if you had this information why didn't you pass it on? naturaly it's
your god given right not to , but I am curious as to your motivation
Also I am kind of confused as to why you referenced your bizex post in
relation to this, yes it used *a* MSITS vulnerability ,
in particular the one reported by Arman Nayyeri
(http://www.securitytracker.com/alerts/2003/Dec/1008578.html) but thats
unrelated to the ibiza exploit for reference there's a very complete
analysis of bizex at http://www.daemonology.net/ICQworm/worm.txt
Am I missing something here?
As to the refference to Roozbeh Afrasiabi's post , well I am glad someone
could make sense of it, I surely couldn't so I wont comment on it
>
>
> Regards
>
> Thor Larholm
> Senior Security Researcher
> PivX Solutions
> 24 Corporate Plaza #180
> Newport Beach, CA 92660
> http://www.pivx.com
> thor@...x.com
> Phone: +1 (949) 231-8496
> PGP: 0x5A276569
> 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569
>
> PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
> Qwik-Fix
> <http://www.qwik-fix.net>
> -----Original Message-----
> From: Jelmer [mailto:jkuperus@...net.nl]
> Sent: Tuesday, April 06, 2004 2:05 PM
> To: Thor Larholm; David Jacoby; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] IE exploit going around on irc
>
>
> > What Niek forwarded is using the Ibiza CHM exploit that deals with
> > improper privileges gained through the ms-its/ms-itss URL protocol
> > handlers which is still unpatched.
>
>
> Bzzzzt wrong
>
> It's a variation of the ibiza exploit, the ibiza exploit didn't work on
> XP SP1, I know so because I checked at the time and yes this variation
> is still unpatched
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
Powered by blists - more mailing lists