Re: [Full-Disclosure] ADODB.Stream object

From: Nick FitzGerald (nick_at_virus-l.demon.co.uk)
Date: 08/27/03

  • Next message: Justin Shin: "RE: [Full-Disclosure] CERT Employee Gets Owned" 
    To: full-disclosure@lists.netsys.com
Date: Wed, 27 Aug 2003 14:20:35 +1200

    jelmer <jkuperus@planet.nl> wrote:

    <<snip interesting stuff>>
    > I dont think it in it self can not be concidered a security vulnerabilty as
    > it only works when the file containing the code is present on a users
    > harddisk, though html files are generally considered trusted and you can
    > probably trick some people into opening an html file by sending it to them
    > through msn messenger or whatever.
    > It can most likely be used to leverage other vulnerabilities, for instance
    > many programs download information to predictable locations from where you
    > might invoke it.

    I do not see this as much of an issue/problem for widespread
    exploitation of this. Recall the (modest) "success" of the MindJail
    virus, and the ongoing success of Mijail (which is by far the most
    prevalent mass-mailing virus this month if you ignore the Sobig.F
    freak). Both of these viruses exploited a "My Computer" zone-only IE
    vulnerability, depending on the typical handling of files from inside
    archives being placed into %TEMP% despite their source archives clearly
    being handled in the TIF. Of course, MS (and thus IE) cannot manage
    third-party programs handling of files passed out of of IE's security
    zones... 

    -- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
  • Next message: Justin Shin: "RE: [Full-Disclosure] CERT Employee Gets Owned"