Re: Fwd: Please post this anonymously (without my email-address and such)
From: Chris Carey (chris@sublimespot.com)Date: 10/24/01
- Previous message: terry white: "Re: Fwd: Please post this anonymously (without my email-address and such)"
- In reply to: Mike DeGraw-Bertsch: "Re: Fwd: Please post this anonymously (without my email-address and such)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <001001c15cd5$968b3720$090aa8c0@woody2k> From: "Chris Carey" <chris@sublimespot.com> To: <vuln-dev@securityfocus.com> Subject: Re: Fwd: Please post this anonymously (without my email-address and such) Date: Wed, 24 Oct 2001 14:48:16 -0700
After a crash, IE Bug Reporting requires you to click a button to actually
send the bug report. I dont believe it is automatic, like John Doe
suggested.
So I guess from here lets add the 'Spoof the Screen' IE vuln into the mix
and trick them into sending the report
At this point I dont see this scenario as a threat.
Chris
----- Original Message -----
From: "Mike DeGraw-Bertsch" <mbertsch@radioactivedata.org>
To: "Blue Boar" <BlueBoar@thievco.com>
Cc: <vuln-dev@securityfocus.com>
Sent: Wednesday, October 24, 2001 8:51 AM
Subject: Re: Fwd: Please post this anonymously (without my email-address and
such)
> An interesting thought, though you'd have to get the virus to propogate
> prior to Outlook crashing. Otherwise you'd have to send a heck of a lot
> of messages yourself.
>
> -Mike
>
> On Tue, 23 Oct 2001, Blue Boar wrote:
>
> > > A few of my co-workers and I were just discussing the new error
reporting
> > > functions of Internet Explorer, and we came up with a nasty idea for a
virus
> > > utilizing that function as a method of causing a DoS. The idea is to
write
> > > a virus that propagates through email (nothing new here) and exploits
> > > Outlook and Outlook Express to achieve that propagation. This virus
would
> > > essentially cause the autopreview pane of Outlook to open viewing some
type
> > > of HTML/ASP, etc in a way that would cause IE to crash when attempting
to
> > > sort it. At that point, with the more recent releases of IE, there
would be
> > > an automatic initiation of debug data sent to Microsoft, through using
DNS
> > > to resolve.
> > >
> > > Obvious effects would be a likely DoS on business networks and on
> > > Microsoft's debug servers. Other effects could include difficulty in
> > > reaching and downloading patches for the vulnerabilities in the
software (if
> > > Microsoft patch servers are utilizing the same WAN link as the debug
> > > servers), as well as possible effects upon DNS servers, especially at
> > > Microsoft. In addition, as has already been talked about, an enormous
> > > amount of private information possibly stored on the debugs would be
> > > forwarded as well. I would imagine that this type of virus could also
> > > effect other kinds of "bugzilla" services.
> > >
> > > Just a thought...
> >
>
