|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: AIM Password theft
From: Bergeron, Jared (jared.bergeron
office.xerox.com)
Date: Wed Sep 24 2003 - 12:49:51 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Not that I can see, if you look at the 032 notes it does state that this has not been fixed ;(
Technical description:
Microsoft originally issued this bulletin on August 20th, 2003. Subsequent to issuing the security bulletin, Microsoft received reports that the patch provided with this bulletin does not properly correct the Object Type Vulnerability (CAN-2003-0532).
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-032.asp
Regards,
---------------------
Jared Bergeron
Systems Analyst / E-Security
-----Original Message-----
From: Andrew McKnight [mailto:Andrew.McKnightclg.co.uk]
Sent: Wednesday, September 24, 2003 3:23 AM
To: Lothar Kimmeringer; incidentssecurityfocus.com
Subject: RE: AIM Password theft
Is there a specific patch for this vulernability? Windows Update is telling me I'm completely up to date but I'm still vulernable.
Andy.
IT Guy.
-----Original Message-----
From: Lothar Kimmeringer [mailto:bugtraqkimmeringer.de]
Sent: 24 September 2003 00:44
To: incidentssecurityfocus.com
Subject: Re: AIM Password theft
On Tue, 23 Sep 2003 10:53:59 -0400, Mark Coleman wrote:
>I just started investigating a report that appears to have merit of a
>username/password theft of AIM accounts.
>
>Users are being directed to a web page located at www.haxr.org where the
>source appears to run a javascript program that is proportedly stealing
>AIM usernames/passwords/buddy lists.
>
>Does anyone have any information related to www. haxr.org or the
>technique being used?
The technique uses a flaw in Internet Explorer with the OBJECT-tag
allowing code to be executed locally that is loaded from a website.
The tag
<![CDATA[
<object data=tracker.php></object>
]]>
lets IE download a HTML-application that will be executed after
loading.
A testpage where you can test your locally installed Internet
Explorer for being vulnerable can be found at
http://www.heise.de/security/dienste/browsercheck/demos/ie/htacheck.shtml
If your installation is vulnerable, a program will be downloaded
to C:\browsercheck.exe that will executed afterwards leading to
a window popping up. The page is in German.
Regards, Lothar
--
Lothar Kimmeringer E-Mail: mailbodykimmeringer.de
PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81)
Always remember: The answer is forty-two, there can only be wrong
questions!
---------------------------------------------------------------------------
----------------------------------------------------------------------------
----------------------------------------------------------------------
The information in this email is intended solely for the use of the
individual or entity to whom it is addressed and may be legally
privileged. Access to this email by anyone else is unauthorised
If you are not the intended recipient, any disclosure, copying,
distribution or any action taken or omitted to be taken in reliance
on it is prohibited and may be unlawful. If you believe you
have received this email in error please contact the
sender.
Any views expressed in this email do not necessarily represent
those of Castle Leisure Group.
Castle Leisure Group reserves the right to monitor and record
e-mail messages sent to and from this address for the purposes
of investigating or detecting any unauthorised use of its system
and ensuring its effective operation.
---------------------------------------------------------------------------
----------------------------------------------------------------------------
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]