This just came across the wire and if anyone can find a working exploit to make a signature for this latest iframe we can jump ahead of new exploits which are fast coming. I will continue to look for a working exploit and post a sig when available. We are on the edge of a big outbreak and example code exists on the Internet. This is labeled "Extremely Critical" and everyone knows how well Windows users do their updates.

As best I can tell, everyone who uses Internet Explorer-derived mail rendering is vulnerable. This includes Outlook, Outlook Express and Incredimail. Certainly others exist as well and this will not be a small issue.

--
Eric Wheeler
Vice President
National Security Concepts, Inc.
PO Box 3567
Tualatin, OR 97062
http://www.nsci.us/
Voice: (503) 293-7656
Fax: (503) 885-0770

---------- Forwarded message ----------
Date: Tue, 2 Nov 2004 20:56:47 +0100
To: [EMAIL PROTECTED]
From: Secunia Security Advisories <[EMAIL PROTECTED]>
Subject: [SA12959] Internet Explorer IFRAME Buffer Overflow Vulnerability

TITLE:
Internet Explorer IFRAME Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA12959

VERIFY ADVISORY:
http://secunia.com/advisories/12959/

CRITICAL:
Extremely critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 6
http://secunia.com/product/11/

DESCRIPTION:
A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the handling of certain attributes in the <IFRAME> HTML tag. This can be exploited to cause a buffer overflow via a malicious HTML document containing overly long strings in the "SRC" and "NAME" attributes of the <IFRAME> tag.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed in the following versions:
* Internet Explorer 6.0 on Windows XP SP1 (fully patched).
* Internet Explorer 6.0 on Windows 2000 (fully patched).

NOTE: This advisory has been rated "Extremely critical" as a working exploit has been published on public mailing lists.

SOLUTION:
The vulnerability does not affect systems running Windows XP with SP2 installed.

Use another product.

PROVIDED AND/OR DISCOVERED BY:
Discovered by:
ned

Additional research and exploit by:
Berend-Jan Wever
