Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: RE: [Full-Disclosure] Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)

RE: [Full-Disclosure] Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)

From: Chris Carlson <chris_at_compucounts.com>
Date: Sun, 6 Jun 2004 22:06:01 -0400

When run remotely:

Line: 1
Char: 1
Error: Access is denied.
Code: 0
URL: http://62.131.86.111/security/idiots/repro/installer.htm

When run locally, software installation is blocked.

Using IE 6.0.2900.2096 SP2, WinXP SP2

I've gotta say that SP2 has some VERY nice protection builtin. On the downside, I still havn't figured out how to turn it off ;)

> -----Original Message-----
> From: full-disclosure-admin_at_lists.netsys.com
> [mailto:full-disclosure-admin_at_lists.netsys.com] On Behalf Of Jelmer
> Sent: Sunday, June 06, 2004 21:22
> To: bugtraq_at_securityfocus.com
> Cc: full-disclosure_at_lists.netsys.com; peter_at_diplomatmail.net
> Subject: [Full-Disclosure] Internet explorer 6 execution of
> arbitrary code (An analysis of the 180 Solutions Trojan)
>
> Just when I though it was save to once more use internet
> explorer I received an email bringing my attention to this
> webpage http://216.130.188.219/ei2/installer.htm   that
> according to him used an exploit that affected fully patched
> internet explorer 6 browsers. Being rather skeptical I
> carelessly clicked on the link only to witness how it
> automatically installed addware on my pc!!!
>  
> Now there had been reports about 0day exploits making rounds
> for quite some time like for instance this post
>  
> http://www.securityfocus.com/archive/1/363338/2004-05-11/2004-05-17/0
>  
> However I hadn't seen any evidence to support this up until
> now Thor Larholm as usual added to the confusion by
> deliberately spreading disinformation as seen in this post
>  
> http://seclists.org/lists/bugtraq/2004/May/0153.html
>  
> Attributing it to and I quote "just one of the remaining IE
> vulnerabilities that are not yet patched"
>
> I've attempted to write up an analysis that will show that
> there are at least 2 new and AFAIK unpublished
> vulnerabilities (feel free to proof me
> wrong) out there in the wild, one being fairly sophisticated
>
> You can view it at:
>
> http://62.131.86.111/analysis.htm
>
> Additionally you can view a harmless demonstration of the
> vulnerabilities at
>
> http://62.131.86.111/security/idiots/repro/installer.htm
>
> Finally I also attached the source files to this message
>
>
Received on Jun 07 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos