Skip to site navigation (Press enter)
Re: [Full-Disclosure] MSIE
and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!))</span></a></span> </h1> <p class="darkgray font13"> <span class="sender pipe"><a href="/search?l=full-disclosure@lists.netsys.com&q=from:%22pachiderme+pachiderme%22" rel="nofollow"><span itemprop="author" itemscope itemtype="http://schema.org/Person"><span itemprop="name">pachiderme pachiderme</span></span></a></span> <span class="date"><a href="/search?l=full-disclosure@lists.netsys.com&q=date:20041109" rel="nofollow">Tue, 09 Nov 2004 06:22:52 -0800</a></span> </p> </div> <div itemprop="articleBody" class="msgBody"> <!--X-Body-of-Message--> <pre>I just read this news about the first implementation : F-Secure Virus Descriptions : MyDoom.AG</pre><pre> This Mydoom variant is considerably different from previous Mydooms. In fact, it might not be a variant at all, but a totally new virus family. It does spread over email, like Mydooms normally do. However, this new variant do not send attachments at all; instead they send emails with links to a website. There are several different emails. Interestingly, the link points to a website which is actually running on the infected machine that sent the email in the first place. The worm accomplishes this by installing a small web server on port 1639 on each infected machine. This technique is a bit similar to what for example Blaster worm does to transfer itself to each infected machine; instead of using a central download server it turns each infected machine to one. Even more interestingly, the web page uses a brand new IFRAME vulnerability in Internet Explorer to infect the computer. There's no patch for Windows 2000 or XP SP1 yet. Windows XP SP2 is not vulnerable _______________________________________________ Full-Disclosure - We believe in it. Charter: <a href="http://lists.netsys.com/full-disclosure-charter.html">http://lists.netsys.com/full-disclosure-charter.html</a> </pre> </div> <div class="msgButtons margintopdouble"> <ul class="overflow"> <li class="msgButtonItems"><a class="button buttonleft buttondisabled" accesskey="p" href="#">Previous message</a></li> <li class="msgButtonItems textaligncenter"><a class="button" accesskey="c" href="thrd15.html#25542">View by thread</a></li> <li class="msgButtonItems textaligncenter"><a class="button" accesskey="i" href="mail15.html#25542">View by date</a></li> <li class="msgButtonItems textalignright"><a class="button buttonright " accesskey="n" href="msg25543.html">Next message</a></li> </ul> </div> <a name="tslice"></a> <div class="tSliceList margintopdouble"> <ul class="icons monospace"> </ul> </div> <div class="overflow msgActions margintopdouble"> <div class="msgReply" > <h2> Reply via email to </h2> <form method="POST" action="/mailto.php"> <input type="hidden" name="subject" value="Re: [Full-Disclosure] MSIE <IFRAME> and <FRAME> tag NAME property bufferoverflow PoC exploit (was: python does mangleme (with IE bugs!))"> <input type="hidden" name="msgid" value="bd4106a704110905525e2511c6@mail.gmail.com"> <input type="hidden" name="relpath" value="full-disclosure@lists.netsys.com/msg25542.html"> <input type="submit" value=" pachiderme pachiderme "> </form> </div> </div> </div> <div class="aside" role="complementary"> <div class="logo"> <a href="/"><img src="/logo.png" width=247 height=88 alt="The Mail Archive"></a> </div> <form class="overflow" action="/search" method="get"> <input type="hidden" name="l" value="full-disclosure@lists.netsys.com"> <label class="hidden" for="q">Search the site</label> <input class="submittext" type="text" id="q" name="q" placeholder="Search full-disclosure"> <input class="submitbutton" name="submit" type="image" src="/submit.png" alt="Submit"> </form> <div class="nav margintop" id="nav" role="navigation"> <ul class="icons font16"> <li class="icons-home"><a href="/">The Mail Archive home</a></li> <li class="icons-list"><a href="/full-disclosure@lists.netsys.com/">full-disclosure - all messages</a></li> <li class="icons-about"><a href="/full-disclosure@lists.netsys.com/info.html">full-disclosure - about the list</a></li> <li class="icons-expand"><a href="/search?l=full-disclosure@lists.netsys.com&q=subject:%22Re%5C%3A+%5C%5BFull%5C-Disclosure%5C%5D+MSIE+%3CIFRAME%3E+and+%3CFRAME%3E+tag+NAME+property+bufferoverflow+PoC+exploit+%5C%28was%5C%3A+python+does+mangleme+%5C%28with+IE+bugs%5C%21%5C%29%5C%29%22&o=newest&f=1" title="e" id="e">Expand</a></li> <li class="icons-prev"><a href="#" title="p">Previous message</a></li> <li class="icons-next"><a href="msg25543.html" title="n">Next message</a></li> </ul> </div> <div class="listlogo margintopdouble"> </div> <div class="margintopdouble"> </div> </div> </div> <div class="footer" role="contentinfo"> <ul> <li><a href="/">The Mail Archive home</a></li> <li><a href="/faq.html#newlist">Add your mailing list</a></li> <li><a href="/faq.html">FAQ</a></li> <li><a href="/faq.html#support">Support</a></li> <li><a href="/faq.html#privacy">Privacy</a></li> <li class="darkgray">bd4106a704110905525e2511c6@mail.gmail.com</li> </ul> </div> </body> </html> <script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'9d6dfba3f968d04f',t:'MTc3MjU5NjkyMA=='};var a=document.createElement('script');a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();</script>