Re: HijackClick 3

From: Drew Copley (dcopley_at_EEYE.COM)
Date: 07/13/04

  • Next message: Russ: "Alert: Microsoft Security Bulletin MS04-018 - Cumulative Security Update for Outlook Express (823353)"
    Date:         Mon, 12 Jul 2004 15:11:48 -0700
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

     

    > -----Original Message-----
    > From: http-equiv@excite.com [mailto:1@malware.com]
    > Sent: Monday, July 12, 2004 12:06 PM
    > To: bugtraq@securityfocus.com
    > Cc: NTBugtraq@listserv.ntbugtraq.com
    > Subject: Re: HijackClick 3
    >

    <snip>

    > This is absolutely fantastic Paul, with a patented double-click
    > of the mouse we can remotely take over the target's computer:
    >
    > Just substitute as follows:
    >
    > 1. <img src="greyhat.html" id=anch
    > onmousedown="parent.nsc.style.width=2000;parent.nsc.style.height=
    > 2000;parent.pop.show(1,1,1,1);parent.setTimeout('showalert
    > ()',3000);" style="width=168px;height=152px;background-image:url
    > ('youlickit.gif');cursor:hand" title="click me!"></a>
    >
    > 2. location="shell:favorites\\greyhat[1].htm"
    >
    > Someone was querying the other day whether shell in Internet
    > Explorer poses a problem [despite repeated demonstrations].
    > Pah ! Probably not.
    >
    > Quick and Dirty Working Demo:
    >
    > http://www.malware.com/paul.html

    Just to add... this, too, works on using shell.application,
    a bug which has been open for around ten months.

    In fact, I don't think there has been a bug in about ten
    months (coincidentally) that does not rely on either Jelmer's
    adodb bug or your shell.application bug.

    Microsoft can remove the threat from all users right now, today,
    and issue a fix. We won't see criminals using these things
    to grab people's money tommorrow. We won't see hundreds of articles
    critical of their browser. We won't see devious, targetted
    attacks on bank employees or anyone else.

    Remove the escalating security holes, and you remove the
    ones that depend on it. They then might only serve some use
    for phishers and the like, people who are only minorly more
    successful using such exploits over using straight cons.

     

    > --
    > http://www.malware.com
    >
    >
    >
    >

    -----
    NTBugtraq Editor's Note:

    Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
    -----


  • Next message: Russ: "Alert: Microsoft Security Bulletin MS04-018 - Cumulative Security Update for Outlook Express (823353)"

    Relevant Pages

    • Re: Using Doxygen with Angband
      ... that really we want them in the source files instead, ... Provides an example of a documentation style. ... BUG: Brief description of bug. ...
      (rec.games.roguelike.angband)
    • Re: Realtime Preemption, 2.6.12, Beginners Guide?
      ... > Which debugging options are most useful for testing purposes? ... The new options have made the BUG warning a bit more ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: SharedCLibrary version
      ... > the availability of a 32-bit SCL on the A9. ... > a developer beta-testing the A9, you report the bug to Adv6 in the usual ...
      (comp.sys.acorn.programmer)
    • RE: Re: HijackClick 3
      ... > Just substitute as follows: ... I don't think there has been a bug in about ten ... Microsoft can remove the threat from all users right now, today, ...
      (Bugtraq)
    • Re: So long and thanks for all the fish.
      ... I did report it on the A9home list to the usual deafening silence. ... they have repeated to different people that *bug* reports ... StevePotts at blastzone DOT demon STOP co DOT uk ...
      (comp.sys.acorn.misc)