-----Original Message----- From: Thor Larholm Sent: Tuesday, September 23, 2003 2:06 PM Subject: RE: [Fwd: Re: AIM Password theft]
This is just a simple exploit utilizing the Object Data vulnerability discovered by Drew Copley, coupled with the GreyMagic no-script HTML rendering as demonstrated earlier on this list and others by jelmer. Tell your user to go install MS03-032, which he obviously did not do as MS03-032 patches this vulnerability. MS03-032 was released on August 20 and you can find it at http://www.microsoft.com/technet/security/bulletin/MS03-032.asp -------------------------- Actually the MS03-032 patch doesn't stop the object data vulnerability. Check it here... http://www.secunia.com/MS03-032/ I am patched with MS03-032 ( Q822925 ) but am still vulnerable. Possibly the particular version at haxr.org is the exploit that the patch fixes but if it is, it could easily be modified to the vuln that still works. Only way to really stop it is kill your activex scripting for untrusted sites. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
