[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: IE exploit runs code from graphics?

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Re: IE exploit runs code from graphics?
From: Joe Stewart <jstewart@xxxxxxxxx>
Date: Thu, 24 Jun 2004 20:57:45 -0400

On Thu, 24 Jun 2004 19:02:01, larry@xxxxxxxxxxxxxxxx wrote:
> From http://www.eweek.com/article2/0,,1617045,00.asp: 
>
> "Analysts at NetSec Inc., a managed security services provider, began 
> seeing indications of the compromises early Thursday morning and have 
> since seen a large number of identical attacks on their customers' networks.
> The attack uses a novel vector: embedded code hidden in graphics on Web 
> pages... NetSec officials said the attack seems to exploit a vulnerability
> in Internet Explorer." 

This is somewhat misleading. The attack is appending javascript footers to 
every file served by the IIS server, including image files. This isn't a new 
vector, it's just a side-effect. More information at http://isc.sans.org/

-Joe

-- 
Joe Stewart, GCIH 
Senior Security Researcher
LURHQ http://www.lurhq.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: RE: [Full-Disclosure] IE exploit runs code from graphics?
Next by Date: Re: [Full-Disclosure] New malware to infect IIS and from there jump to clients
Previous by thread: [Full-Disclosure] [ GLSA 200406-19 ] giFT-FastTrack: remote denial of service attack
Next by thread: [Full-Disclosure] defamatory joe job attack by botnet
Index(es):
- Date
- Thread