[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Official IFRAME patch - make sure it installs correctly

To: Berend-Jan Wever <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Official IFRAME patch - make sure it installs correctly
From: Raoul Nakhmanson-Kulish <raoul@xxxxxxxxxxxxx>
Date: Thu, 02 Dec 2004 19:57:39 +0300

Hello, Berend-Jan Wever!

The IFRAME vulnerability has been patched, see
http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx

Oh! Thanks, God!

Good that nobody has hit upon an idea until now about exploiting this to launch self-spreading mail virus without user interaction by putting iframe into HTML message body: this hole is exploitable even in restricted zone and millions of OE and Outlook lemmings would be doomed.

Such thought visited me nearly right away when I had known this issue.

--
Best regards,
Raoul Nakhmanson-Kulish
Elfor Soft Ltd.,
ERP Department
http://www.elforsoft.ru/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Official IFRAME patch - make sure it installs correctly
  - From: Berend-Jan Wever

Prev by Date: Re: [Full-Disclosure] If Lycos can attack spammer sites, can we all start doing it?
Next by Date: Re: [Full-Disclosure] If Lycos can attack spammer sites, can we all start doing it?
Previous by thread: Re: [Full-Disclosure] Official IFRAME patch - make sure it installs correctly
Next by thread: Re: [Full-Disclosure] Official IFRAME patch - make sure it installs correctly
Index(es):
- Date
- Thread