Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: Outlook/HTML "proggie"

Re: Outlook/HTML "proggie"

From: Dan Schrader <Dan_Schrader_at_TRENDMICRO.COM>
Date: Mon, 5 Jun 2000 11:05:10 -0700

It is worth noting that VBS.kakworm (details:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_KAKWORM.A
-M), an embedded script virus similar to BubbleBoy, is the most common
virus in the world today.

For virus prevelence stats: http://wtc.trendmicro.com/wtc - change setting
to show infected computers.

This despite the fact that Microsoft patched the security hole this uses
last August.

> -----Original Message-----
> From: Joerg Weber [SMTP:joerg_at_FS.IS.UNI-SB.DE]
> Sent: Friday, June 02, 2000 7:24 AM
> To: VULN-DEV_at_SECURITYFOCUS.COM
> Subject: AW: Outlook/HTML "proggie"
>
> Hi everyone,
>
> as I started the initial thread with a question I'd like to comment on the
> results that far:
> I was concerned that the use of Outlook at my company is a security risk.
> A
> bigger one that I knew it is, that is :) So, I wanted to figure out wether
> someone can screw my users over with an embedded HTML script which
> executes
> just by viewing. I concluded that while you can do that, the right
> security
> settings in Outlook prevent the execution of scripts just nicely.
> Executing
> an attachment is a different story, but then that's not limited to
> scripts,
> anyways.
> Conclusion: Noone could produce a script that'd run properly or without a
> warning in my Outlook 2k. That's fine and makes me sleep better.
> BTW, ClasID 06290BD5-48AA-11D2-8432-006008C3FBFC is the exact same class
> as
> BubbleBoy used some time ago. Nothing new here, and not at all working if
> your security settings are correct.
> Greets,
> Joerg
>
> -----Ursprüngliche Nachricht-----
> Von: VULN-DEV List [mailto:VULN-DEV_at_SECURITYFOCUS.COM]Im Auftrag von
> methodman
> Gesendet: Donnerstag, 1. Juni 2000 22:33
> An: VULN-DEV_at_SECURITYFOCUS.COM
> Betreff: Re: Outlook/HTML "proggie"
>
>
> well...
> since everybody is so interested in what the SCR object is, i'm going to
> tell you...
> it is an activex control with the classID:
> 06290BD5-48AA-11D2-8432-006008C3FBFC ,
> it's name is actually SCRiptlet.typlib (that's why i gave it the id SCR).
> WSH has the classID
> F935DC22-1CF0-11D0-ADB9-00C04FD58A0B and is called "Windows Scripting Host
> Shell Object",
> (Wscript.SHell - therefore i gave it the id WSH).
> about badblood... i didn't even hear about it until Thierry said it
> exists,
> same goes for the code written by Exxtreme.
> about the source code... if you are reading this through outlook check
> "thisreallyworks.txt" on your desktop :)).
> -- this only works if the security level is not set to "restriced sites
> zone"
>
>
>
> [ methodman ]
Received on Jun 06 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos