Nick FitzGerald
Wed, 27 Aug 2003 03:19:31 +0000
jelmer <[EMAIL PROTECTED]> wrote:

<<snip interesting stuff>>

> I don't think it in itself can not be considered a security vulnerability as
> it only works when the file containing the code is present on a user's
> hard disk, though html files are generally considered trusted and you can
> probably trick some people into opening an html file by sending it to them
> through msn messenger or whatever.
> It can most likely be used to leverage other vulnerabilities, for instance
> many programs download information to predictable locations from where you
> might invoke it.

I do not see this as much of an issue/problem for widespread exploitation of this. Recall the (modest) "success" of the MindJail virus, and the ongoing success of Mijail (which is by far the most prevalent mass-mailing virus this month if you ignore the Sobig.F freak). Both of these viruses exploited a "My Computer" zone-only IE vulnerability, depending on the typical handling of files from inside archives being placed into %TEMP% despite their source archives clearly being handled in the TIF.

Of course, MS (and thus IE) cannot manage third-party programs' handling of files passed out of IE's security zones...

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html