OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[Full-Disclosure] Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)

From: Jelmer (jkuperusplanet.nl)
Date: Sun Jun 06 2004 - 20:21:52 CDT


Just when I though it was save to once†more†use internet explorer I received
an†email bringing my attention to this webpage
http://216.130.188.219/ei2/installer.htm † that according to him used an
exploit that affected fully patched internet explorer 6 browsers. Being
rather skeptical I carelessly clicked on the link only to witness how it
automatically installed addware on my pc!!!

Now there had been reports about 0day exploits making rounds for quite some
time like for instance this post

http://www.securityfocus.com/archive/1/363338/2004-05-11/2004-05-17/0

However I hadn't seen any evidence to support this up until now
Thor Larholm as usual added to the confusion by deliberately spreading
disinformation as seen in this post

http://seclists.org/lists/bugtraq/2004/May/0153.html

Attributing it to and I quote "just one of the remaining IE vulnerabilities
that are not yet patched"

Iíve attempted to write up an analysis that will show that there are at
least 2 new and AFAIK unpublished vulnerabilities (feel free to proof me
wrong) out there in the wild, one being fairly sophisticated

You can view it at:

http://62.131.86.111/analysis.htm

Additionally you can view a harmless demonstration of the vulnerabilities at

http://62.131.86.111/security/idiots/repro/installer.htm

Finally I also attached the source files to this message

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html