[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] FW: [Fwd: Re: AIM Password theft]
- To: "Bassett, Mark" <mbassett@xxxxxxxxx>, "NTBugtraq" <NTBUGTRAQ@xxxxxxxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>, <list@xxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] FW: [Fwd: Re: AIM Password theft]
- From: "Thor Larholm" <thor@xxxxxxxx>
- Date: Wed, 24 Sep 2003 13:29:39 -0700
Mark,
You are correct, I should not have replied to Mark when I had not yet had my
morning coffee. The dynamic rendering of OBJECT elements still trigger the HTA
functionality exposed in Windows. Personally, though, I see this as an
unrelated vulnerability regarding static/dynamic code rendering which has a
greater impact than just allowing HTA code to execute.
Both GM#001 and thePulls POC, which malware cites, are one and the same issue
instead of two separate, they both trigger the dynamic rendering of HTML
instead of the static - GM#001 just does this without requiring scripting.
Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
http://www.pivx.com/larholm/unpatched - Unpatched IE vulnerabilities
-----Original Message-----
From: Bassett, Mark [mailto:mbassett@xxxxxxxxx]
Sent: Wed 9/24/2003 7:57 AM
To: Thor Larholm; NTBugtraq; full-disclosure@xxxxxxxxxxxxxxxx;
list@xxxxxxxxxxx
Cc:
Subject: RE: [Full-Disclosure] FW: [Fwd: Re: AIM Password theft]
Actually the MS03-032 patch doesn't stop the object data vulnerability.
Check it here... http://www.secunia.com/MS03-032/
I am patched with MS03-032 ( Q822925 ) but am still vulnerable.
Possibly the particular version at haxr.org is the exploit that the
patch
fixes but if it is, it could easily be modified to the vuln that still
works. Only way to really stop it is kill your activex scripting for
untrusted sites.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html