Full Disclosure: Re: ADODB.Stream object

[Nick FitzGerald <nick () virus-l demon co uk>]

jelmer <jkuperus () planet nl> wrote:

<<snip interesting stuff>>
> I dont think it in it self can not be concidered a security vulnerabilty as
> it only works when the file containing the code is present on a users
> harddisk, though html files are generally considered trusted and you can
> probably trick some people into opening an html file by sending it to them
> through msn messenger or whatever.
> It can most likely be used to leverage other vulnerabilities, for instance
> many programs download information to predictable locations from where you
> might invoke it.
I do not see this as much of an issue/problem for widespread 
exploitation of this.  Recall the (modest) "success" of the MindJail 
virus, and the ongoing success of Mijail (which is by far the most 
prevalent mass-mailing virus this month if you ignore the Sobig.F 
freak).   Both of these viruses exploited a "My Computer" zone-only IE 
vulnerability, depending on the typical handling of files from inside 
archives being placed into %TEMP% despite their source archives clearly 
being handled in the TIF.  Of course, MS (and thus IE) cannot manage 
third-party programs handling of files passed out of of IE's security 
zones...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html