Re: AIM Password theft
From: Jamie Pratt (jamie nucdc.org)
Date: Wed Sep 24 2003 - 07:35:32 CDT
Anyone know when this terrible flaw will be fixed by MS?
regards,
jamie
On 9/23/2003 7:44 PM, Lothar Kimmeringer wrote:
> On Tue, 23 Sep 2003 10:53:59 -0400, Mark Coleman wrote:
>
>
>>I just started investigating a report that appears to have merit of a
>>username/password theft of AIM accounts.
>>
>>Users are being directed to a web page located at www.haxr.org where the
>>source appears to run a javascript program that is purportedly stealing
>>AIM usernames/passwords/buddy lists.
>>
>>Does anyone have any information related to www.haxr.org or the
>>technique being used?
>
>
> The technique uses a flaw in Internet Explorer with the OBJECT-tag
> allowing code to be executed locally that is loaded from a website.
>
> The tag
> <object data=tracker.php></object>
> lets IE download a HTML-application that will be executed after
> loading.
>
> A testpage where you can test your locally installed Internet
> Explorer for being vulnerable can be found at
> http://www.heise.de/security/dienste/browsercheck/demos/ie/htacheck.shtml
> If your installation is vulnerable, a program will be downloaded
> to C:\browsercheck.exe that will be executed afterwards leading to
> a window popping up. The page is in German.
>
>
> Regards, Lothar
>
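
A detection sketch for the OBJECT-tag technique described in the quoted reply, added here as an example and not part of the original posts: it pulls every `<object data=...>` URL out of a page and flags those a proxy saw answered as an HTML application. The `application/hta` MIME type, the `example.test` host and the URL-to-Content-Type log mapping are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Assumption: the HTML application is served with the HTA MIME type.
HTA_TYPE = "application/hta"


class ObjectDataFinder(HTMLParser):
    """Collect the data= URL of every <object> element in a page."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <OBJECT DATA=x>
        # and unquoted attribute values are handled as well.
        if tag == "object":
            data = dict(attrs).get("data")
            if data:
                self.urls.append(data)


def find_hta_objects(html, page_url, responses):
    """Return absolute object-data URLs whose logged Content-Type is HTA.

    responses maps absolute URL -> Content-Type header as recorded by a
    proxy (hypothetical log format for this example).
    """
    finder = ObjectDataFinder()
    finder.feed(html)
    hits = []
    for rel in finder.urls:
        url = urljoin(page_url, rel)
        # Drop parameters such as "; charset=..." and normalise case.
        ctype = responses.get(url, "").split(";")[0].strip().lower()
        if ctype == HTA_TYPE:
            hits.append(url)
    return hits


# Constructed sample page and proxy observations.
PAGE_URL = "http://example.test/index.html"
PAGE = ('<html><body><OBJECT DATA=tracker.php></OBJECT>'
        '<object data="movie.swf" type="application/x-shockwave-flash">'
        '</object></body></html>')
RESPONSES = {
    "http://example.test/tracker.php": "Application/HTA; charset=utf-8",
    "http://example.test/movie.swf": "application/x-shockwave-flash",
}

if __name__ == "__main__":
    print(find_hta_objects(PAGE, PAGE_URL, RESPONSES))
```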