Re: CRITICAL??? - Seven New Flaws in Internet Explorer not addressed by MS03-040 or MS03-048
From: Nelson Sousa (nelson_at_DISMEL.PT)
Date: Thu, 27 Nov 2003 16:41:34 -0000
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
This is the first time I write in Bugtraq, so I apologise in advance if the
message isn't considered useful or meaningful enough.
I've tried out the exploit code with Avant Browser, which is a plug-in to
run over IE.
It has a very nice feature which I recommend: pop-up blocking.
Without the pop-up blocking the exploit code runs although I got a warning
about running frames in different domains. Answering yes I got the exploit
code downloaded and run.
But with the pop-up blocking activated the exploit did not run. I think a
good practice, especially for large networks, would be to use some pop-up
blocking to prevent this. Can someone else try to run the demo code with
pop-up blockers activated and check whether we get the same behaviour? Maybe
it's not the perfect solution but it might prevent most of the malware
attacks (including the host hijacking that also runs on a pop-up window).
The Avant Browser is freeware and can be found at
Amongst its features I like especially three of them:
1. All windows open in 1 app, therefore 1 item in the taskbar.
2. You can open your favourites in new windows all the time.
3. When you close the Browser it can remain as a tray icon. When you reopen
it all the pages remain active. Also when it crashes you can re-open all
pages that were not properly closed.
> > Demo Exploit Code (downloads and runs .exe of fire burning on computer
> > screen without user intervention):