Full Disclosure: RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV

From: <tlarholm () pivx com>
Date: Mon, 5 Jan 2004 09:54:46 -0800

Clear of FUD: The threat is the same as before, one of the subcomponents
of existing exploits just has a new approach.


Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor () pivx com
949-231-8496

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net> 

-----Original Message-----
From: John Bisley [mailto:bisley110 () yahoo co uk] 
Sent: Monday, January 05, 2004 3:15 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Self-Executing HTML: Internet Explorer
5.5 and 6.0 Part IV


Hi All
Can anyone out there clear the FUD and speak to the less Web Savvy (like
me) - I set up up a quarantine system (although still with Internet
connectivity) to run the exe-cute-html but this didn't 'appear' to do
anything other than display the "JUNKWARE" text.
i.e. I downloaded the zip and extracted the html and then I
double-clicked on the html file so that IE(5.5) would run it.
So I presume it would be running the html from the MyComputer zone - but
I didn't get a dialog box or anything.
I'm mostly interested in whether this is a big risk to the company. I'm
willing to believe that users can be fooled into downloading html and
opening it locally (e.g. if they think that they are downloading a
useful report), but then, they can probably be fooled into downloading
an exe and running it... So am I simply looking at continued Security
Awareness briefings (or more draconian download restrictions) or is
there a greater exposure that I'm missing. 
I may have missed earlier parts of this thread so I hope I'm not going
over old ground.
Regards
Bis

From: "morning_wood" <se_cur_ity () hotmail com>
To: <full-disclosure () lists netsys com>
Subject: Re: [Full-disclosure] Self-Executing HTML: Internet Explorer

5.5 and 6.0 Part IV

Date: Fri, 2 Jan 2004 11:56:29 -0800

On Thu, 1 Jan 2004 22:41:35 -0000 "http-equiv () excite com" wrote:
[snip]

Fully self-contained harmless *.exe:

http://www.malware.com/exe-cute-html.zip

[snip]

This doesn't look like self-executing HTML - anyway.


Gives dialog box to open or save a "blabla.hta" and no, it 
does not self-execute
even under
low security settings. try again Jelmer?



Yahoo! Messenger - Communicate instantly..."Ping" your friends today!
Download Messenger Now

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV, (continued)
- RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV tlarholm (Jan 02)
- RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV tlarholm (Jan 02)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV http-equiv () excite com (Jan 02)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV JacK (Jan 03)
- Re: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV John Bisley (Jan 05)
- RE: Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part IV tlarholm (Jan 05)