[Dshield] Internet Explorer Advisory / apology

jullrich at sans.org
Sun Mar 3 00:19:24 GMT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


  Internet Explorer has a number of severe issues that have not
been addressed by Microsoft so far. Recently, a user posted the
URL provided below to show what can be done with these holes.

  Posting exploit code like this is of course always a difficult
issue. In my opinion, if an exploit exists, its ownership and use
by a small group of crackers is often more damaging than making
the community at large aware of it (and allowing them to take
the necessary countermeasures).

  Anyway. I regretfully rejected the post, partially because the
URL for the exploit was not marked as an 'exploit'. So the post
got rejected... and I never took note of who submitted it, so I can't
really give credit here.

  The URL below will launch a 'command shell' on Windows XP and 2000. It 
works on my Windows XP Pro test system, which is fully patched according 
to Windows Update. 

  You may not want to launch this URL from a "trusted/secure" system. 
While I do not believe it does anything malicious, it could be changed by 
now.

  Here it goes (inserted a space to prevent people from clicking without 
thinking): http://www.liguidwd. freeserve.co.uk

  Internet Explorer vulnerabilities are in particular a big problem with 
plenty of exploited MS IIS servers still on the net and exploits for 
php/Apache about to be launched.

  The particular exploit will require JavaScript to run. In my opinion,
if you have to use MSIE, disable JavaScript/active scripting to avoid
running into this issue. The next URL using this code may do more than
just launch a shell.

  Also, the affected systems (Win2k, XP) have the ability to set up
different user accounts with different privileges. Too many users still
use accounts with 'Administrator' privilege for everyday use / web
browsing.

  Please sound the necessary alarms if you hit a URL that exploits any of 
these issues. 

- -- 
- -------
jullrich at euclidian.com               Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8gWwOwWQP+4im9DYRAoZSAJ9/VPJ1JlWhl0yM4sGpBxZSx2wbQQCeO82M
b/sTnqf5DWQrq/nfCOXj9Q0=
=uPj1
-----END PGP SIGNATURE-----
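
The message above recommends disabling active scripting in MSIE. As an added example (not part of the original post), the Python below audits a `reg export` dump of the Internet Explorer zone settings and reports whether active scripting (URL action value `1400`; 0 = enable, 1 = prompt, 3 = disable) is actually disabled in the Internet zone. The function names are hypothetical and the registry sample is constructed.

```python
import re

# URLACTION_SCRIPT_RUN ("Active scripting") is stored per security zone as
# registry value "1400": 0 = enable, 1 = prompt, 3 = disable.
ACTION = "1400"
POLICY = {0: "enabled", 1: "prompt", 3: "disabled"}
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

KEY_RE = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d)\]$", re.I)
VAL_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample of `reg export` output, not taken from a real system.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1200"=dword:00000003
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1400"=dword:00000003
'''

def scripting_by_zone(reg_text):
    """Return {zone_number: policy} for the Active scripting URL action."""
    result, zone = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            zone = int(m.group(1)) if m else None
            if zone is not None:
                result.setdefault(zone, "not set")  # key seen, value not yet
            continue
        m = VAL_RE.match(line)
        if m and zone is not None and m.group(1) == ACTION:
            value = int(m.group(2), 16)
            result[zone] = POLICY.get(value, "unknown (%d)" % value)
    return result

def zones_needing_attention(reg_text, zones=(3,)):
    """List (zone, name, policy) for audited zones where scripting is not disabled."""
    found = scripting_by_zone(reg_text)
    return [(z, ZONES.get(z, "?"), found.get(z, "not set"))
            for z in zones if found.get(z, "not set") != "disabled"]

if __name__ == "__main__":
    for zone, name, policy in zones_needing_attention(SAMPLE):
        print("Zone %d (%s): active scripting is %s" % (zone, name, policy))
```

A zone reported as "not set" in a per-user export may still be governed by machine-wide settings or policy, so treat it as unconfirmed rather than safe.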



