Re: MSHTML.dll/MSN Messenger demonstration site
From: Russ (Russ.Cooper@RC.ON.CA)
Date: 02/20/02
Date: Tue, 19 Feb 2002 19:08:18 -0500
From: Russ <Russ.Cooper@RC.ON.CA>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Folks,
The site provided by Toby is not the JS.Menger.Worm, and does not
perform the actions that this worm does, nor does the site contain, or
cause the infection of, a virus.
The site does do things very similar to what that worm does, however it
does so only after prompting you, and requesting your approval. It will
send a message to your contacts, if you choose to have it do this, and
you are vulnerable. Let's face it folks, that's the only way to
demonstrate you are vulnerable to this exploit...what did you think it
was going to do?
NAV is definitely picking up the demo page as a worm. I won't argue
against it doing this, given what the page does and what the worm does.
If you are taking your machine to the link provided, expect bad things
to happen if you're not patched or secured against the potential actions
that can be taken against a vulnerable system. IOWs, don't go to sites
like this with a production machine in the middle of your corporate LAN
and just "see" if you're exploitable.
If you're patched, or you have your security zones set appropriately,
the site can do nothing.
The code on the demonstration page can be viewed, and is "harmless" to
the extent that it will only perform certain actions if you agree
(actions like mailing to all of your contacts). If you agree, then it
will send a message to all of your contacts although that message is not
worm-like or a virus (although it does suggest that the reader of these
messages have a look at the demo site to see if they are vulnerable).
I hope this addresses concerns raised by numerous readers.
Finally, for you new subscribers, please appreciate that messages to
NTBugtraq may contain harmful code, code that your AV picks up as
harmful (when in fact it isn't), links to harmful sites, or links to
descriptions of harmful sites which in fact aren't harmful at all. If
your company employs proxies, you may get questioned by your
administrators over the content of messages, or sites you visit referred
to by NTBugtraq messages.
If you can't deal with these possibilities, please unsubscribe
immediately.
Cheers,
Russ - NTBugtraq Editor