Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Official IFRAME patch - make sure it installs correctly
From: Raoul Nakhmanson-Kulish <raoul () elforsoft com>
Date: Thu, 02 Dec 2004 19:57:39 +0300

Hello, Berend-Jan Wever!

The IFRAME vulnerability has been patched, see
http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
Oh! Thanks, God!

Good that nobody has hit upon an idea until now about exploiting this to launch self-spreading mail virus without user interaction by putting iframe into HTML message body: this hole is exploitable even in restricted zone and millions of OE and Outlook lemmings would be doomed.

Such thought visited me nearly right away when I had known this issue.

--
Best regards,
Raoul Nakhmanson-Kulish
Elfor Soft Ltd.,
ERP Department
http://www.elforsoft.ru/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]