[Declude.Virus] hlp attachments
I just had a client request blocking of hlp attachments. I have been extremely busy with 2 major projects and have not seen anything about this. Any one have information on a virus that uses that? John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] hlp attachments
Hi John.. I had never of it but.. Here is a Google search result.. http://www.uts.edu.au/email/advanced/executable.html http://office.microsoft.com/en-us/assistance/HA011402971033.aspx Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Tuesday, December 28, 2004 1:51 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] hlp attachments I just had a client request blocking of hlp attachments. I have been extremely busy with 2 major projects and have not seen anything about this. Any one have information on a virus that uses that? John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] hlp attachments
http://www.thechannelinsider.com/article2/0,1759,1745654,00.asp Darin. - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: Declude.Virus@declude.com Sent: Tuesday, December 28, 2004 1:50 PM Subject: [Declude.Virus] hlp attachments I just had a client request blocking of hlp attachments. I have been extremely busy with 2 major projects and have not seen anything about this. Any one have information on a virus that uses that? John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] hlp attachments
FYI - Not sure about hlp, but there is an exploit with chm (windows help files). Microsoft Internet Explorer Fully Automated Remote Compromise Summary: Summary A vulnerability exists in Microsoft Internet Explorer version 6.0 on Windows XP SP2 or Windows Server 2003 due to the combination of multiple known security holes found in Windows Service Pack 2. A remote attacker could exploit this vulnerability to execute arbitrary code on vulnerable systems with minimal user interaction. Technical Analysis hhctrl.ocx is the Microsoft HTML Help ActiveX control which supports all functions of the user help interface. The lack of restrictions set in Internet Explorer allow web pages to open any local webpage or a Windows Help file(.chm) compiled with HTML help via hh.exe, the HTML Help tool. An attacker may host a malicious web page that utilizes hhctrl.ocx to launch a help pop-up window that opens the location of a webpage or a Windows Help file(.chm) in the 'local' zone. hhctrl.ocx can then be used to navigate to a javascript handler that allows an arbitrary remote program to be injected into the previously opened page and executed. The HHClick() function can be used to automate the vulnerability and bypass the need for user interaction. Since some systems may not have this particular ActiveX control, successful exploitation requires Windows Server 2003 hosts to have hhctrl.ocx installed. Platform: 1 - Microsoft Product/version: XP SP2 and Server 2003 Links: http://www.k-otik.com/exploits/20041228.CMDExe.php http://www.freewebs.com/shreddersub7/expl-discuss.htm Darrell Kami Razvan writes: Hi John.. I had never of it but.. Here is a Google search result.. http://www.uts.edu.au/email/advanced/executable.html http://office.microsoft.com/en-us/assistance/HA011402971033.aspx Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Tuesday, December 28, 2004 1:51 PM To: Declude.Virus@declude.com Subject: [Declude.Virus] hlp attachments I just had a client request blocking of hlp attachments. I have been extremely busy with 2 major projects and have not seen anything about this. Any one have information on a virus that uses that? John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] hlp attachments
Any one have information on a virus that uses that? New MS hotfixes from the last two days--one covers a vulnerability in WinHelp. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.