Re: To Anyone who has Internet Explorer Installed or any other browser (Everybody)

From: ParrotRob (parrotrob_at_yahoo.com)
Date: 06/05/03


Date: Thu, 05 Jun 2003 19:14:21 GMT


"sponge" <yosponge@yahoo.com> wrote in message
news:8d76ec03.0306050225.2fe8ef5@posting.google.com...
> Two things, and I'll make them quick. First, a virus has been
> discovered by Kaspersky's about two weeks ago which uses an exploit in
> Internet Explorer that has been known -- and unpatched by Microsoft --
> for two years. There is no way to "lock down" the browser; the only
> possible way to secure yourself from this is to discontinue using
> Internet Explorer entirely. Furthermore, there is no evidence that
> Microsoft plans a patch.
>
> http://www.kaspersky.com/news.html?id=977909
> http://hackbox.thematrix.gr/modules/news/article.php?storyid=607
>
> On a related note, yet another flaw has been discovered in Internet
> Explorer that allows remote code execution. According to Microsoft's
> security update, this affects even those who DO NOT use Internet
> Explorer as their browser (read: everybody.) At least there's a patch
> for this. However, IE still cannot be safely used.
>
> http://www.microsoft.com/windows/ie/downloads/critical/818529/default.asp

"StartPage is a classic Trojan - it is sent to victim addresses directly
from the author and does not have an automatic send function. The first mass
mailing to several hundred thousand addresses ..."
<snip>
"The StartPage program is a Zip-archive that contains two files - one HTML
file and one EXE file. Upon opening the HTML file the StartPage code is
launched and proceeds to exploit the Internet Explorer security system
vulnerability known as "Exploit.SelfExecHtml". It then proceeds to
clandestinely launch the EXE file carrying the Trojan program."

So let me get this straight - someone has to MAIL me a zip archive, which I
then need to UNZIP, then actually LOAD an HTML-file contained therein to
infect myself, do I have that right? If that's the case, then saying this
is a "vulnerability in IE" is like saying my writing a simple executable to
rd /s /q c:\*. - then burying it in a zip file and mailing it to you - is a
"vulnerability in DOS".
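
An added example, not part of the original post or of the Kaspersky write-up: a mail-gateway style check that flags zip attachments with the shape the quoted description gives (an HTML file shipped alongside an executable), reading only the archive listing and extracting nothing. The extension lists, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed extension lists; the page only mentions "one HTML file and one EXE file".
HTML_EXT = (".htm", ".html")
EXE_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")


def classify_archive(data: bytes) -> dict:
    """Inspect a zip attachment in memory; nothing is written to disk or run."""
    result = {"valid_zip": False, "html": [], "executables": [], "suspicious": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result  # not a zip at all: leave it to other filters
    with zf:
        result["valid_zip"] = True
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces, so "setup.exe." still runs.
            name = info.filename.lower().rstrip(". ")
            if name.endswith(EXE_EXT):
                result["executables"].append(info.filename)
            elif name.endswith(HTML_EXT):
                result["html"].append(info.filename)
    # The archive shape described above: HTML and an executable side by side.
    result["suspicious"] = bool(result["html"] and result["executables"])
    return result


def build_zip(members: dict) -> bytes:
    """Build a small in-memory zip for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: harmless placeholder bytes, not real malware.
SAMPLE_PAIR = build_zip({"readme.html": b"<html></html>", "setup.EXE": b"MZ"})
SAMPLE_DOCS = build_zip({"index.html": b"<html></html>", "notes.txt": b"hi"})

if __name__ == "__main__":
    for label, blob in (("pair", SAMPLE_PAIR), ("docs", SAMPLE_DOCS)):
        print(label, classify_archive(blob))
```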


