Bugtraq mailing list archives
Re: Six Step IE Remote Compromise Cache Attack
From: Jelmer <jkuperus () planet nl>
Date: Thu, 06 Nov 2003 01:19:36 +0100
This post raises an interesting question. Is our goal to find new vulnerabilities and attack vectors to help secure users and critical infrastructures, or is our goal to ease exploitation of existing vulnerabilities?
Interesting viewpoint from someone who willfully published code that caused a worm to spread (and infact admitted to that he expected no less) and I quote http://www.pcworld.com/news/article/0,aid,84324,00.asp "The worm is a modified version of our example code. We never intended for anybody to copy the code, although we kind of expected it would happen," said Thor Larholm, one of the two Europeans who demonstrated how specially crafted code on a Web page could take over MSN Messenger. "We published the example to put pressure on Microsoft to patch vulnerabilities that they are fully aware of."
There are no new vulnerabilities or techniques highlighted in this attack (which is what it is), just a combination of several already known vulnerabilities. This is not a proof-of-concept designed to highlight how a particular vulnerability works,
Untrue , normally content accessed in the temporary internet files folder is in the restricted zone Liu pointed out that this can be bypassed. this is the new and crucial ingredient in the mix without it, one would not be able to exploit this in this fashion
but an exploit designed specifically to compromise your machine. All a malicious viruswriter has to do is exchange the EXE file.
Believe me, I am all in for full disclosure and detailing every aspect of a vulnerability to prevent future occurances of similar threats, but I don't particularly think that we should actively be trying to help malicious persons.
There are many reasons imaginable why you want to do this - It proofs the relevance of liu's cache exploit - There are workarounds for some issues, many might not bother applying them because they dismiss it as not being important enough to bother - One vulnerability used in this is *OVER 2 YEARS OLD* microsoft bloody well needs to wake up and smell the coffee, putting some pressure on them is just what is needed - If liu can do it theres a big chance that somewhere someone can do the same, you could get hacked without knowing about it, I prefer to know whats out there so I can take countermeasures - He obviously takes great pride in his work, you can see he worked long and hard at it, six steps thats quite a feat, working past every obstactle there's a lot of stuff going on that researchers can look at and learn from - It may give him the media attention to land a job much, which he seems to be seeking, it's a proven concept, you did get your job over at pivx after publishing the wormcode -----Original Message----- From: Liu Die Yu [mailto:liudieyuinchina () yahoo com cn] Sent: Wednesday, November 05, 2003 2:35 AM To: bugtraq () securityfocus com Subject: Six Step IE Remote Compromise Cache Attack Snip http://www.securityfocus.com/archive/1/343464/2003-11-02/2003-11-08/0
Current thread:
- Six Step IE Remote Compromise Cache Attack Liu Die Yu (Nov 05)
- <Possible follow-ups>
- RE: Six Step IE Remote Compromise Cache Attack Thor Larholm (Nov 05)
- RE: Six Step IE Remote Compromise Cache Attack Steve Hillier (Nov 05)
- RE: Six Step IE Remote Compromise Cache Attack Benjamin Franz (Nov 05)
- RE: Six Step IE Remote Compromise Cache Attack white colin john (Nov 05)
- RE: Six Step IE Remote Compromise Cache Attack Tyler Larson (Nov 06)
- Re: Six Step IE Remote Compromise Cache Attack Florian Weimer (Nov 07)
- Re: Six Step IE Remote Compromise Cache Attack Florian Weimer (Nov 05)
- Re: Six Step IE Remote Compromise Cache Attack Seth Arnold (Nov 05)
- Re: Six Step IE Remote Compromise Cache Attack Jelmer (Nov 06)
- RE: Six Step IE Remote Compromise Cache Attack Thor Larholm (Nov 05)
- RE: Six Step IE Remote Compromise Cache Attack Paul Szabo (Nov 05)
- RE: Six Step IE Remote Compromise Cache Attack Drew Copley (Nov 06)
- Re: Six Step IE Remote Compromise Cache Attack http-equiv () excite com (Nov 06)
- Re: RE: Six Step IE Remote Compromise Cache Attack Steven M. Christey (Nov 06)
- Re: RE: Six Step IE Remote Compromise Cache Attack Paul Schmehl (Nov 06)
- RE: Six Step IE Remote Compromise Cache Attack Steven M. Christey (Nov 07)
- Re: Six Step IE Remote Compromise Cache Attack Goetz Babin-Ebell (Nov 10)
- Re: Six Step IE Remote Compromise Cache Attack Byron Sonne (Nov 10)
- RE: Six Step IE Remote Compromise Cache Attack Alun Jones (Nov 11)
- Re: Six Step IE Remote Compromise Cache Attack Goetz Babin-Ebell (Nov 10)