Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Official IFRAME patch - make sure it installs correctly
From: "Des Ward" <des_ward () o2 co uk>
Date: Thu, 2 Dec 2004 10:27:13 GMT

Has anyone confirmed that the XP Sp1 and/or NT4 windows update patch(es) work with regards to skylined's exploit code; 
or do we have to deploy the .exe file?

Only asking cos I can't test this until I get home to my lab tonight.

Cheers,

Des
-----Original Message-----
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Thu, 2 Dec 2004 00:58:12 
To:"Kevin" <kkadow () gmail com>, <full-disclosure () lists netsys com>
Subject: Re: [Full-disclosure] Official IFRAME patch - make sure it installs correctly

I can confirm on WinXP SP1 ( download the [patch].exe run and reboot)
 Mr Wever's exploit PoC did not run ( no shell, dialog warning )

cheers,
m.w

The IFRAME vulnerability has been patched, see
http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx

The wording in ms04-040 is so vague, I am not entirely sure that this
patch is a fix for the IFRAME bug(s)?

*** Make sure you are patched after installing ***
I installed it using "Automatic Updates" (on Win2ksp4), rebooted and
loaded my InternetExploiter.html: IT STILL WORKED!!
Even though both "Automatic Updates" and
"http://windowsupdate.microsoft.com"; reported that I was patched!?!
I manually downloaded the exe and ran it, rebooted and now I'm finally
truely patched.

Just so I am clear, after automatic updates applied the "critical
patch" on W2KSP4 and rebooted, the IFRAME exploit still worked, but
manually downloading the executable given in the Microsoft alert and
running it results in a system on which the IFRAME exploit no longer
works?

This would be confirmation that ms04-040 actually does address the
IFRAME exploit.


Kevin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Kind regards,

Des Ward

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]