MSIE Vulnerability Advisory : MSIE - New Site Spoofing - NullyFake

From: Liu Die Yu (liudieyu_at_UMBRELLA.NAME)
Date: 08/16/04

    Date:         Mon, 16 Aug 2004 07:07:53 +0800
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    so i am trying to be polite here to get the message thru.
    ########################################################################

    Liu Die Yu's MSIE Advisory #35

    Date: August 16, 2004

    Application: IE
    Version: WinXp.SP1 UP-TO-DATE
    Bug: SITE-SPOOFING
    Risk: Can enable attackers to cheat users to input something.
    Author: Liu Die Yu
    e-mail: liudieyu@umbrella.name

    ########################################################################

    Sections:

    1) Introduction
    2) Bug
    3) Proof of concept code.
    4) Fix
    5) Philosophy
    6) Closing comments..
    7) Contact

    ______________________________________________________________________

    1) Introduction
    Internet Explorer - the most popular browser shipped with the most
    popular system.
    Internet Explorer - if you don't know it, you must be a secret scientist
    trained by nsa and locked by nsa and forced to use nothing but solaris.

    2) Bug
    site spoofing. so any guy can cheat others to input his
    paypal/e-gold/any account that the thief pleases.

    3) POF
    http://umbrella.name/originalvuln/msie/NullyFake/test.htm

    4) FIX
    i've been waiting for the fix for ages. PERHAPS xpsp2 had it fixed?

    5) Philosophy
    always have a nice day

    6) Closing Comment
    one day in the near future, you gonna die gonna die gonna die for MS
    products :-)))))

    7) Contact
    liudieyu AT umbrella D0T name
    http://umbrella.name/people/liu.dieyu/


