[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200406242057.45212.jstewart@lurhq.com>
From: jstewart at lurhq.com (Joe Stewart)
Subject: Re: IE exploit runs code from graphics?
On Thu, 24 Jun 2004 19:02:01, larry@...ryseltzer.com wrote:
> From http://www.eweek.com/article2/0,,1617045,00.asp:
>
> "Analysts at NetSec Inc., a managed security services provider, began
> seeing indications of the compromises early Thursday morning and have
> since seen a large number of identical attacks on their customers' networks.
> The attack uses a novel vector: embedded code hidden in graphics on Web
> pages... NetSec officials said the attack seems to exploit a vulnerability
> in Internet Explorer."
This is somewhat misleading. The attack is appending javascript footers to
every file served by the IIS server, including image files. This isn't a new
vector, it's just a side-effect. More information at http://isc.sans.org/
-Joe
--
Joe Stewart, GCIH
Senior Security Researcher
LURHQ http://www.lurhq.com/
Powered by blists - more mailing lists