Full Disclosure mailing list archives
Re: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!))
From: pachiderme pachiderme <pachiderme () gmail com>
Date: Tue, 9 Nov 2004 14:52:40 +0100
I just read this news about the first implementation : F-Secure Virus Descriptions : MyDoom.AG This Mydoom variant is considerably different from previous Mydooms. In fact, it might not be a variant at all, but a totally new virus family. It does spread over email, like Mydooms normally do. However, this new variant do not send attachments at all; instead they send emails with links to a website. There are several different emails. Interestingly, the link points to a website which is actually running on the infected machine that sent the email in the first place. The worm accomplishes this by installing a small web server on port 1639 on each infected machine. This technique is a bit similar to what for example Blaster worm does to transfer itself to each infected machine; instead of using a central download server it turns each infected machine to one. Even more interestingly, the web page uses a brand new IFRAME vulnerability in Internet Explorer to infect the computer. There's no patch for Windows 2000 or XP SP1 yet. Windows XP SP2 is not vulnerable _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Berend-Jan Wever (Nov 01)
- Re: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) morning_wood (Nov 02)
- Re: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Georgi Guninski (Nov 09)
- Re: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) pachiderme pachiderme (Nov 09)
- <Possible follow-ups>
- RE: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Menashe Eliezer (Nov 07)
- Re: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Berend-Jan Wever (Nov 07)
- Re: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) patryn (Nov 08)
- Re: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Valdis . Kletnieks (Nov 08)
- Re: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Jim Geovedi (Nov 09)
- Re: MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!)) Berend-Jan Wever (Nov 07)