Results 1 to 4 of 4

Thread: Unpatched IE vuln exploited by adware

  1. #1
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534

    Unpatched IE vuln exploited by adware

    Here we go again, better switch to opera, mozilla and the likes people !!

    http://secunia.com/advisories/11793

    Two vulnerabilities have been reported in Internet Explorer, which in combination with other known issues can be exploited by malicious people to compromise a user's system.

    1) A variant of the "Location:" local resource access vulnerability can be exploited via a specially crafted URL in the "Location:" HTTP header to open local files.

    Example:
    "Location: URL:ms-its:C:\WINDOWS\Help\iexplore.chm::/iegetsrt.htm"

    2) A cross-zone scripting error can be exploited to execute files in the "Local Machine" security zone.

    Secunia has confirmed the vulnerabilities in a fully patched system with Internet Explorer 6.0.
    http://www.theregister.co.uk/2004/06...tched_ie_flaw/

    The vulnerabilities are actively being exploited in the wild to install adware on users' systems, security researchers warn. Other exploits - include computer viruses - based on the same techniques of tricking users into visiting a maliciously constructed website housing malign script could follow.

    Etienne Greeff, director at MIS Corporate Defence Solutions, said: "This is a very sophisticated exploit using encryption and stealth technologies to deliver its payload, using previously unknown vulnerabilities to work."

    Windows users should disable Active Scripting support for all but trusted websites until Microsoft releases patches to address the vulnerabilities. The vulnerabilities were publicised by a Dutch 'white hat hacker' called Jelmer, who came across an example of an exploit of the flaws already in circulation last weekend.
    http://archives.neohapsis.com/archiv...4-06/0104.html


    In related news, there have been proven cases of misuse of some webmail systems in combination with this exploit, atleast two dutch ISP's.
    (link is dutch) http://www.webwereld.nl/nieuws/18746.phtml


    that Jelmer guy sure is a showoff !! http://62.131.86.111/security/idiots.../installer.htm (<-- proof of concept exploit)
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  2. #2
    Senior Member
    Join Date
    Feb 2004
    Posts
    620
    Wow, I'm sure glad I use Mozilla! IE seems to be more trouble than it's worth...

    www.mozilla.org

    mjk

  3. #3
    Senior Member
    Join Date
    Jun 2004
    Posts
    460

    Angry

    geez, maybe i will switch over to firefox -- this is getting kinda irritating...
    [gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]
    CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM

  4. #4
    Hmm...

    Hey Jinx I thought this exploit came out a little while ago. Ok maybe I was just reading something on an underground site. But I swear this one has been out for atleast 6 months.

    Damnit. Now I have to go and do some reading.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •