FW: Re: not confirmed but i wonder what this would do
From: itm@itmo.dyndns.orgDate: 12/29/01
- Previous message: Przemyslaw Frasunek: "Re: Possible problem with GnuPG 1.0.6"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 29 Dec 2001 21:33:23 +0200 (EET) From: itm@itmo.dyndns.org To: vuln-dev@securityfocus.com
forwarding his to vuln-dev like i was told.
> I havent tested this but i wonder if this could be used as a DoS attack:
>
> 1.embed a string to a cookie which matches with some virus string (like that
> example virus-detector string, cant remember its name)
>
> 2.browser usually saves the cookie straight into a file
>
> 3.anti-virus program finds out that there is a virus in the file since it
> matches the string, and quarantines /deletes the file and pops up a dialog
>
> 4. what then? IE dies since it cant access the cookie file? user is very
> confused? browsing is halted atleast? will the antivirus program intercept the
> attack from the http response already or will it get into the file and cause
> this effect? what can you do to prevent stuff like this? naturally disable
> cookies or not browse the site but..
>
> gotta test this but now i havent got the time.
>
>
> Markus Mikkolainen
>
- Previous message: Przemyslaw Frasunek: "Re: Possible problem with GnuPG 1.0.6"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
