[Full-Disclosure] RE: new internet explorer exploit (was new worm)
From: Castigliola, Angelo (ACastigliola_at_unumprovident.com)
Date: 04/01/04
To: <full-disclosure@lists.netsys.com>, <bugtraq@securityfocus.com>
Date: Thu, 1 Apr 2004 11:02:48 -0500
>The known ingredient it uses is :
>http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-08/1758.html
>that has gone unpatched for over 5 months now
XP service pack 2 Release candidate 1 patches this exploit.
Angelo Castigliola III
Operations Technical Analyst I
UnumProvident IT Services
207.575.3820
-----Original Message-----
From: Jelmer [mailto:jkuperus@planet.nl]
Sent: Monday, March 29, 2004 9:36 AM
To: full-disclosure@lists.netsys.com; bugtraq@securityfocus.com
Subject: new internet explorer exploit (was new worm)
The code used by this worm to exploit its users is, at least partly, (I
think) new; the vulnerability it abused has afaik not been published on
either bugtraq or full-disclosure, possibly making it (one of?) the first
worms to totally catch people off guard.
It allows a malicious person to take any action on the PC of an unsuspecting
user who views a specially prepared page.
The known ingredient it uses is :
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-08/1758.html
that has gone unpatched for over 5 months now
The remainder of the exploit manages to confuse this same adodb.stream
object enough to make it think it's being run from a local location
You can protect yourself against it by running
http://ip3e83566f.speed.planet.nl/hacked-by-chinese/fix.reg
I attached sample code myself to illustrate the problem, because
http-equiv's was messy :)
This one should be more straightforward to use
Instructions:
1. unzip
2. overwrite exploit.exe with the executable you wish to run, or leave it
   untouched if you want to see some nice texturemapped rotation
3. upload the files to a webserver
4. view exploit.htm
Tested on winxp pro, all patches.
For the lazy ones among you: you can also view a demonstration here:
http://ip3e83566f.speed.planet.nl/security/newone/exploit.htm
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html