Re: CRITICAL??? - Seven New Flaws in Internet Explorer not addressed by MS03-040 or MS03-048

From: Nelson Sousa (nelson_at_DISMEL.PT)
Date: 11/27/03

  • Next message: Nick FitzGerald: "Re: CRITICAL??? - Seven New Flaws in Internet Explorer not addressed by MS03-040 or MS03-048"
    Date:         Thu, 27 Nov 2003 16:41:34 -0000
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Hi all.

    This is the first time I write in Bugtraq, so I apologise in advance if the
    message isn't considered usefull or meaningfull enough.

    I've tried out the exploit code with Avant Browser, which is a plug in to
    run over IE.
    It has a very nice feature which I recomend: pop-up blocking.

    Without the pop-up blocking the exploit code runs although I got a warning
    about running frames in different domains. Answering yes I got the exploit
    code downloaded and run.

    But with the pop-up blocking activated the exploit did not run. I think a
    good practice, expecially for large networks would be to use some pop-up
    blocking to prevent this. Can someone else try to run the demo code with
    pop-up blockers activated and check whether we get the same behaviour? Maybe
    it's not the perfect solution but it might prevent most of the malware
    attacks (including the host hijacking that also runs on a pop-up window).

    The Avant Browser is freeware and can be found at
    http://www.avantbrowser.com/
    Amongst it's features I like especially three of them:
    1. All windows open in 1 app, therefore 1 item in the taskbar.
    2. You can open your favourites in new windows all the time
    3. When you close the Browser it can remain as a tray icon. When you reopen
    it all the pages remain active. Also when it crashes you can re-open all
    pages that were not properly closed.

    Regards,

    Nelson Sousa
    nelson@dismel.pt

    > > Demo Exploit Code (downloads and runs .exe of fire burning on computer
    > > screen without user intervention):
    > >
    <http://www.safecenter.net/UMBRELLAWEBV4/1stCleanRc/1stCleanRc-Demo/index.ht
    ml>

    ----
    NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
    code "NT1003" when registering to take the TICSA exam at www.2test.com.
    Prove to your employer and peers that you have the knowledge and
    abilities to be an active stakeholder in today's enterprise security.
    Become TICSA certified www.trusecure.com/ticsa.  Promotion expires
    12/31/03 and cannot be used in combination with other offers.
    ----
    

  • Next message: Nick FitzGerald: "Re: CRITICAL??? - Seven New Flaws in Internet Explorer not addressed by MS03-040 or MS03-048"