Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: new internet explorer exploit (was new worm)
From: "Thor Larholm" <thor () pivx com>
Date: Mon, 29 Mar 2004 14:12:32 -0800

Drew Copley already mentioned how this is the CHM exploit that the Ibiza
exploit relied on.

K-OTiK posted about this in
http://www.securityfocus.com/archive/1/354447 and we posted details of
the Ibiza CHM exploit a few weeks before then on the Unpatched mailing
list ( http://unpatched.pivxlabs.com ).

The Bizex worm also used Unpatched IE vulnerabilities as was detailed in


Implementing proactive security measures such as locking down the My
Computer zone prevents this from having an effect. Both of these issues
were mitigated against months in advance with Qwik-Fix, which has just
been released as Qwik-Fix Pro at the Gartner Symposium/Itxpo 2004



Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
thor () pivx com
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of

-----Original Message-----
From: Void [mailto:void () sect net] 
Sent: Monday, March 29, 2004 11:15 AM
To: Jelmer; full-disclosure () lists netsys com; bugtraq () securityfocus com
Subject: Re: new internet explorer exploit (was new worm)

Just wanted to add that Norton Anti-Virus 2004 will detect this exploit
pop up a warning, but also fails to halt its execution or protect the
in any way.

Here is what it thinks it is:


So there is some measure of warning, but no real protection.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]