Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Unofficial Internet Explorer FRAME/IFRAME fix
From: Thomas Rogg <tr-lists () cherryware de>
Date: Fri, 12 Nov 2004 03:24:04 +0100

Hello list,

http://www.cherryware.de/framefix/

This is a program, which patches the FRAME/IFRAME vulnerability described on the mailing list BugTraq (http://www.securityfocus.com/archive/1/380175) on Windows 2000 and XP. This vulnerability has been public for a rather short time and is already being used by MyDoom.AI and MyDoom.AH to spread themselves.

This patch does just-in-time patching. It does not change any system files, but rather installs a program that changes the loaded system files' code before a HTML page is loaded. Because of this, the patch is easily uninstallable.

Any comments appreciated,

Thomas Rogg

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]