Open Source and information security mailing list archives
 
Message-ID: <200406242057.45212.jstewart@lurhq.com>
From: jstewart at lurhq.com (Joe Stewart)
Subject: Re: IE exploit runs code from graphics?

On Thu, 24 Jun 2004 19:02:01, larry@...ryseltzer.com wrote:
> From http://www.eweek.com/article2/0,,1617045,00.asp: 
>
> "Analysts at NetSec Inc., a managed security services provider, began 
> seeing indications of the compromises early Thursday morning and have 
> since seen a large number of identical attacks on their customers' networks.
> The attack uses a novel vector: embedded code hidden in graphics on Web 
> pages... NetSec officials said the attack seems to exploit a vulnerability
> in Internet Explorer." 

This is somewhat misleading. The attack is appending javascript footers to 
every file served by the IIS server, including image files. This isn't a new 
vector, it's just a side-effect. More information at http://isc.sans.org/

-Joe

-- 
Joe Stewart, GCIH 
Senior Security Researcher
LURHQ http://www.lurhq.com/
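
Added example, not part of the original message: a check for the side-effect described above, where a footer is appended to every file the server sends, image files included. It walks GIF and PNG structure to the format's own end marker and returns whatever bytes follow; the function names, sample images and footer bytes are constructed for illustration, and covering two image formats goes beyond the single case in the message.

```python
import struct, zlib
PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_end(data):  # offset just past the IEND chunk
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length                  # length + type + payload + CRC
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk")

def skip_sub_blocks(data, pos):
    while data[pos]:                        # sub-block: size byte, then that many bytes
        pos += 1 + data[pos]
    return pos + 1                          # step over the zero terminator

def gif_end(data):  # offset just past the GIF trailer byte (0x3B)
    pos = 13                                # header (6) + logical screen descriptor (7)
    if data[10] & 0x80:                     # global colour table present
        pos += 3 << ((data[10] & 7) + 1)
    while data[pos] != 0x3B:
        if data[pos] == 0x21:               # extension: introducer, label, sub-blocks
            pos = skip_sub_blocks(data, pos + 2)
        elif data[pos] == 0x2C:             # image descriptor, 10 bytes with introducer
            packed = data[pos + 9]
            pos += 10 + (3 << ((packed & 7) + 1) if packed & 0x80 else 0)
            pos = skip_sub_blocks(data, pos + 1)    # +1 skips the LZW minimum code size
        else:
            raise ValueError("unexpected GIF block")
    return pos + 1

def appended_data(body):
    """Bytes that follow the image's own end marker (b'' for a clean file)."""
    if body.startswith(PNG_SIG):
        return body[png_end(body):]
    if body[:6] in (b"GIF87a", b"GIF89a"):
        return body[gif_end(body):]
    raise ValueError("unsupported image format")

# Constructed samples: a 1x1 GIF, a 1x1 PNG and a harmless stand-in footer.
def chunk(ctype, payload):
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", zlib.crc32(ctype + payload))
GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02L\x01\x00;"
PNG = (PNG_SIG + chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
       + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b""))
FOOTER = b"<script>/* constructed placeholder */</script>"

if __name__ == "__main__":
    print(appended_data(GIF), appended_data(PNG + FOOTER))
```

Any non-empty result on an image response body means the file carries data past its end marker and is worth comparing against the copy on disk.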

