wode.jpg it has a vulnerability jpg MS04-28 http://www.theinquirer.net/?article=18585 news.htm it has a vulnerability object data http://www.securityfocus.com/archive/1/358862
On Mon, 20 Sep 2004 17:59:30 -0400, Aaron Horst <[EMAIL PROTECTED]> wrote: > Interesting. It would appear to not be a JPEG worm, but rather to be > the regular old CHM exploits. The interesting thing about it is that > it simply calls a link that was posted to FD last week. > > The JPG is simply HTML, which loads http://www.xf*s.com/msn/1.jpg into > the main page, with http://www.xf*s.com/msn/news.htm in an iframe. > (Note: Change * to 2, to protect the unpatched IE users). I'm not sure > why that would be processed... > > However, news.htm was plugged by Nicolas Montoza <[EMAIL PROTECTED]> last week: > http://lists.netsys.com/pipermail/full-disclosure/2004-September/026475.html > > AnthraX101 > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > -- D. Nicolas Montoza T. < [EMAIL PROTECTED] > Security Research & Development PGPkey 0x564034EC Available at KeyServ BEF5 1795 BFCC DB2C 0BEF 92BD 0162 885F 5640 34EC _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
