I check for updates religiously and usually Norton will update daily.
I've got a few boxes that run the freeware AVG and you won't get an updated database for a week! I suppose you really do "get what you pay for"...
UPDATE:
sample of the code:
<object id="oFile" classid="clsid:11111111-1111-1111-1111-111111111111"
codebase="c:/WINDOWS/system32/calc.exe"></object>
I did some experiments and changed where it says c:/WINDOWS/system32/calc.exe"> to ftp://ftp.aol.com and then did netstat and it said I was connected to ftp.aol.com. It does not open IE though, but the connection is running in the background...
Hello Euclid,
I tried earlier to use this exploit to do something more constructive but with no success. This is an example of what I tried to do, amongst other things as well: "cmd /c netstat -an > status.txt".
I could open a shell but not do anything further with it, and I did not succeed in passing any arguments to any program.
If you have been more successful than I have been, and really used the bug to do something constructive or destructive, please send me a PM with the details.
~micael
did you try encoding the spaces and the slash?
that would make it:
"cmd%20/c%20netstat%20-an%20>%20status.txt"
never mind, I just tried it on my own... I bet if you're inventive enough you can get it to do commands...
I have also discovered that it has to be plain text, no encoded chars or it doesn't work (at least it didn't work when I encoded the whole thing)
Conf1rm3d_K1ll - I have NAV corp ed 7.6 with the latest updates. Mine did not catch the exploit. It didn't even give me any warning. I'm probably gonna end up calling Symantec on it, but do you have any ideas why it wouldn't catch it?
It would be great if I can rely on NAV to stop this instead of waiting for MS to patch it.
Thanks
Nice, Sygate'll stop even these types of attacks. Sweet. I wonder if anyone running NeoWatch or Tiny wouldn't mind trying it? And maybe let me know...
I found a similar one here
http://www.liquidwd.freeserve.co.uk/
Hello everyone. I found a way to prevent this exploit from working. In Internet Explorer go to Tools, Internet Options, then click on the Security tab. At the Security tab choose Custom Level. Disable "Download unsigned ActiveX controls" and "Initialize and script ActiveX controls not marked as safe". Now the malicious code will no longer work on your system.
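The two settings named in the post above can also be checked from PowerShell. This is an added example, not part of the original thread; it assumes the per-user zone keys under HKCU and the URL action ids 1004 and 1201, and a Group Policy may override what it reports.

```powershell
# Added example: audit the two ActiveX actions named in the post above.
# URL action ids: 1004 = Download unsigned ActiveX controls
#                 1201 = Initialize and script ActiveX controls not marked as safe
# Stored DWORD values: 0 = Enable, 1 = Prompt, 3 = Disable
$ZoneRoot   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Actions    = [ordered]@{
    '1004' = 'Download unsigned ActiveX controls'
    '1201' = 'Initialize and script ActiveX controls not marked as safe'
}
$ZoneNames  = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$ValueNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActiveXZoneAudit {
    # One row per zone and action; Hardened is true only when the action is Disable.
    foreach ($zone in 0..4) {
        $props = Get-ItemProperty -Path (Join-Path $ZoneRoot $zone) -ErrorAction SilentlyContinue
        foreach ($id in $Actions.Keys) {
            $raw = if ($props) { $props.$id } else { $null }
            $state = if ($null -eq $raw) { 'Not set (zone default applies)' }
                     elseif ($ValueNames.ContainsKey([int]$raw)) { $ValueNames[[int]$raw] }
                     else { "Unknown ($raw)" }
            [pscustomobject]@{
                Zone     = $ZoneNames[$zone]
                Setting  = $Actions[$id]
                State    = $state
                Hardened = ($raw -eq 3)
            }
        }
    }
}

function Set-ActiveXZoneDisabled {
    # Applies the change from the post to one zone (default 3 = Internet).
    [CmdletBinding(SupportsShouldProcess)]
    param([ValidateRange(0, 4)][int]$Zone = 3)
    $key = Join-Path $ZoneRoot $Zone
    foreach ($id in $Actions.Keys) {
        if ($PSCmdlet.ShouldProcess("$($ZoneNames[$Zone]): $($Actions[$id])", 'Set to Disable')) {
            Set-ItemProperty -Path $key -Name $id -Value 3 -Type DWord
        }
    }
}

# Report every zone, then preview the change for the Internet zone without writing it.
Get-ActiveXZoneAudit | Format-Table -AutoSize
Set-ActiveXZoneDisabled -Zone 3 -WhatIf
```

Drop `-WhatIf` to apply the change, then rerun `Get-ActiveXZoneAudit` to confirm both rows for the zone show `Hardened` as true.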
Updated NAV 2001 (defs dated 03/08) did NOT catch it...
Sygate did NOT catch it....
there is no hotfix at m$ yet...
this may in fact be the worst freakin exploit yet....
FORMAT C:??!!!!???? for f8ck sake....i'm so pissed right now...
thnx for the heads up Euclid