> I'm sorry, I thought you were already aware of the text/x-scriptlet
> object variation of Ibiza which was exploited in the wild before Ibiza
> was even discussed on Bugtraq - I assumed you would catch my reference
> to this. Either way, this is still the ms-its/ms-itss CHM issue
> regardless of how you trigger it.
>
> My bad, I will elaborate further in the future so we can avoid
> discussing semantics.

Indeed I was not, and in fact nobody I know was. When did you first observe it? Have you got any references to where it was discussed? I tried looking at http://pivxlabs.com/mailman/listinfo/unpatched_pivxlabs.com but the archives have been down for many, many days now. I am just trying to establish some sort of timeline.

And if you had this information, why didn't you pass it on? Naturally it's your god-given right not to, but I am curious as to your motivation.

Also, I am kind of confused as to why you referenced your bizex post in relation to this. Yes, it used *a* MSITS vulnerability, in particular the one reported by Arman Nayyeri (http://www.securitytracker.com/alerts/2003/Dec/1008578.html), but that's unrelated to the ibiza exploit. For reference, there's a very complete analysis of bizex at http://www.daemonology.net/ICQworm/worm.txt

Am I missing something here?

As to the reference to Roozbeh Afrasiabi's post, well, I am glad someone could make sense of it. I surely couldn't, so I won't comment on it.

>
>
> Regards
>
> Thor Larholm
> Senior Security Researcher
> PivX Solutions
> 24 Corporate Plaza #180
> Newport Beach, CA 92660
> http://www.pivx.com
> [EMAIL PROTECTED]
> Phone: +1 (949) 231-8496
> PGP: 0x5A276569
> 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569
>
> PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
> Qwik-Fix
> <http://www.qwik-fix.net>
> -----Original Message-----
> From: Jelmer [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, April 06, 2004 2:05 PM
> To: Thor Larholm; David Jacoby; [EMAIL PROTECTED]
> Subject: Re: [Full-Disclosure] IE exploit going around on irc
>
>
> > What Niek forwarded is using the Ibiza CHM exploit that deals with
> > improper privileges gained through the ms-its/ms-itss URL protocol
> > handlers which is still unpatched.
>
>
> Bzzzzt wrong
>
> It's a variation of the ibiza exploit, the ibiza exploit didn't work on
> XP SP1, I know so because I checked at the time and yes this variation
> is still unpatched
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
