[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Unofficial Internet Explorer FRAME/IFRAME fix

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Unofficial Internet Explorer FRAME/IFRAME fix
From: Thomas Rogg <tr-lists@xxxxxxxxxxxxx>
Date: Fri, 12 Nov 2004 01:22:29 +0100

Hello list,

http://www.cherryware.de/framefix/

This is a program, which patches the FRAME/IFRAME vulnerability described on the mailing list SecurityFocus <http://www.securityfocus.com/archive/1/380175> (http://www.securityfocus.com/archive/1/380175) on Windows 2000 and XP. This vulnerability has been public for a rather short time and is already being used by MyDoom.AI and MyDoom.AH to spread themselves.

This patch does just-in-time patching. It does not change any system files, but rather installs a program that changes the loaded system files' code before a HTML page is loaded. Because of this, the patch is easily uninstallable.

Any comments appreciated,

Thomas Rogg

Prev by Date: Re: Unsecure Ftpd on HP PSC 2510 Printer
Next by Date: [ GLSA 200411-21 ] Samba: Remote Denial of Service
Previous by thread: Contact in HP related to OpenView / Coda
Next by thread: [ GLSA 200411-21 ] Samba: Remote Denial of Service
Index(es):
- Date
- Thread