Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: How often are IE security holes exploited?
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Thu, 12 Dec 2002 16:30:56 -0600

You're going to have to define what you mean by that.  The IE engine is
used in a lot of things.  For example, Outlook Express uses it to
display HTML email.  So, Kak, Klez, Yaha, Braid, Frethem, etc., etc.,
all use weaknesses in IE *in* OE to run.  Just about any VBS virus would
qualify, depending on how you want to define "IE" *(Loveletter,
Bubbleboy, Anna Kournikova, VBS/You-name-it, etc.), JS/Seeker,
JS/Coolsite, etc., etc.  Anything that uses the Windows Scripting Host
and the preview pane could be said to be using IE, because it's the
engine behind the scenes that makes it all possible.

The most common one is "Incorrect MIME Header Can Cause IE to Execute
E-mail Attachment vulnerability (MS01-020)" which is used in a bunch of
viruses/worms - Bugbear, Braid, Shoho, Exploit-MIME.gen, Gop, Yaha,
Klez, Holar, Hobbit, Apix, 

Paul Schmehl (pauls () utdallas edu)
TCS Department Coordinator
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/


-----Original Message-----
From: Richard M. Smith [mailto:rms () computerbytesman com] 
Sent: Thursday, December 12, 2002 3:33 PM
To: full-disclosure () lists netsys com; rms () computerbytesman com
Subject: [Full-disclosure] How often are IE security holes exploited?


Hi,

Has anyone ever looked into how often security holes in 
Internet Explorer are actually used in viruses, worms, Trojan 
horses, and other malware?  My sense is that very few of them 
are actually used in the wild.  The KaK and Klez worms both 
use IE security holes to do their dirty work, but most other 
Windows viruses seem to rely on social engineering and 
standard features of Microsoft products.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault