[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] ADODB.Stream object
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] ADODB.Stream object
- From: Nick FitzGerald <nick@virus-l.demon.co.uk>
- Date: Wed, 27 Aug 2003 14:20:35 +1200
jelmer <jkuperus@planet.nl> wrote:
<<snip interesting stuff>>
> I dont think it in it self can not be concidered a security vulnerabilty as
> it only works when the file containing the code is present on a users
> harddisk, though html files are generally considered trusted and you can
> probably trick some people into opening an html file by sending it to them
> through msn messenger or whatever.
> It can most likely be used to leverage other vulnerabilities, for instance
> many programs download information to predictable locations from where you
> might invoke it.
I do not see this as much of an issue/problem for widespread
exploitation of this. Recall the (modest) "success" of the MindJail
virus, and the ongoing success of Mijail (which is by far the most
prevalent mass-mailing virus this month if you ignore the Sobig.F
freak). Both of these viruses exploited a "My Computer" zone-only IE
vulnerability, depending on the typical handling of files from inside
archives being placed into %TEMP% despite their source archives clearly
being handled in the TIF. Of course, MS (and thus IE) cannot manage
third-party programs handling of files passed out of of IE's security
zones...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html