Re: NOT GOOD: Outlook Express 6 + Internet Explorer 6

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 04/01/04

  • Next message: Fish: "Re: NOT GOOD: Outlook Express 6 + Internet Explorer 6" 
    Date:         Thu, 1 Apr 2004 12:37:52 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    http-equiv@excite.com said;
    <snip>
    Fully Functional Harmless Demo:

    http://www.malware.com/not-so-good.zip

    note: regardless of where this is viewed, it is governed by the 'restricted zone' at all times

    In this particular demo, we drop malware.exe into C: trivial tweaking via shell or full path places it wherever we like. This fully functional demo is heavily diluted. Practical implementation requires minor modifications on the transmitting client side. This demo will be flagged by AV suites owing to past usage and recognisable code.
    </snip>

    This also works just fine on Outlook 2003 in default configuration with Exchange Outlook Security Template with IE 6.x fully patched. Suspect earlier versions of Outlook work also.

    Cheers,
    Russ - NTBugtraq Editor

    -----
    NTBugtraq Editor's Note:

    Wondering how to unsubscribe from NTBugtraq? Just send a message to Listserv@listserv.ntbugtraq.com with unsubscribe ntbugtraq in the message body, you don't need a subject line. If it says you aren't subscribed, you've either subscribed with a different email address or your address has changed somehow. Just email Russ.Cooper@rc.on.ca and I'll remove you.
    -----

  • Next message: Fish: "Re: NOT GOOD: Outlook Express 6 + Internet Explorer 6"