Home page logo

bugtraq logo Bugtraq mailing list archives

hole in Inet Explorer
From: cacaio () GEOCITIES COM (Cacaio Torquato)
Date: Tue, 4 Nov 1997 11:02:38 -0200


   This page is a description of a ghosting attack and flaw on Internet
   Explorer 4.

   Internet Explorer 4 has a flaw that allows an applet to write to its
   desktop or to other windows. The following is a description(in
   sequence) of the ghosting attack which is done by a test applet which
   draws white(colour of a ghost) image on the screen.
   1.The victim visits the page.
   2.The applet is loaded.
   3.The applet fails to work. The applet seems to be stuck at the
   initialisation process.
   4.The victim thinks that he/she has just loaded another badly coded
   5.The victim then closes the browser associated with the "bad" applet.

   6.The applet starts attacking the active window, the desktop or Start
   menus usually after victim clicks mouse button.

   The following are the symptoms on Internet Explorer 4 on a Pentium PC
     * White pixels will flood the whole desktop.
     * White pixels will flood the menu bar/Start button
     * White pixels will try to flood active window but not 100%
     * Victims may not see their mouse cursor.
     * Victims cannot see where they are clicking or where to click

   Here are several screen captures of the symptoms
   Symptom No 1(Desktop view):Desktop flooded,start menu nearly flooded

   Symptom No 2(Internet Explorer 4 view):web page area and rebar menu
   contents flooded, rebar nealy flooded

   The following is a test results on different installations of Internet
   Explorer 4
   Browser WAD Ghost Appears?
   Internet Explorer 4.0/Win95 X X
   Internet Explorer 4.0/Win95 O ?
   Internet Explorer 4.01/Win95(Upgrade) X X
   Internet Explorer 4.01/Win95 O O
   Internet Explorer 4.01/Win95 X X
   Internet Explorer 4.0/Win/WinNT3.x ? ?
   Internet Explorer 4.0/Mac ? ? WAD-With Active Desktop Component

   From the above results we can see that this flaw only exists for
   installations of Internet Explorer 4 together with Active Desktop
   Component. Otherwise the Internet Explorer is safe from the attack.

     * Those familiar with windows will try to "end task" the explorer by
       using the famous CTRL+ALT+DEL.
     * However most victims will restart their computer.
     * Such victims should log off and relogin for a fast recovery.


     Personal Page: http://www.a-vip.com/cacaio
 The Death Knights group: http://www.deathsdoor.com/tdk

|         BrasNet IRC Servers Network - Brazil          |
|         irc.brasnet.org   irc.webtech.com.br          |

                 Tragic Bombs:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]