[Dshield] QHOSTS-1 Trojan & MSIE6 Vulnerability

Doug White doug at clickdoug.com
Sat Oct 4 16:40:50 GMT 2003

This critical update patched the vulnerability of IE mis-interpreting certain
scripting when going to a mal-ware web site. .  The proof of concept was posted
on SANS just three days ago, and the appearance of the patch just about set a
record for MS in Time to Market response.

Ms released patches for all versions of IE, from 5.0 through win2003

Stop spam on your domain, use our gateway!
For hosting solutions http://www.clickdoug.com
Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1 and all databases.
ISP rated: http://www.forta.com/cf/isp/isp.cfm?isp_id=772
Suggested corporate Anti-virus policy: http://www.dshield.org/antivirus.pdf
If you are not satisfied with my service, my job isn't done!

----- Original Message ----- 
From: "Al Reust" <areust at comcast.net>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Saturday, October 04, 2003 10:21 AM
Subject: Re: [Dshield] QHOSTS-1 Trojan & MSIE6 Vulnerability

| Yesterday MS released the MS03-040 and rated it as Critical. Yes I know it
| was not Thursday per normal LOL
| Who should read this bulletin: Users running Microsoft Internet Explorer.
| Impact of vulnerability: Run code of attacker's choice.
| Maximum Severity Rating: Critical
| Recommendation: Customers should apply the patch immediately.
| For those that missed it. the question remains how many of the holes did
| they finally close.
| Al
| At 02:33 PM 10/3/2003 -0400, you wrote:
| >http://www.utils32.com/adiefiltr.asp is what I've been playing with and
| >does what is needed. It can flip a site into a JS enable zone and let you
| >block popups, etc... then "reset" it back to restricted. I just find $20 a
| >bit much for what should be a M$ supplied control
| >
| >M$ did supply a IE add-in that did allow adding to Trusted or Restricted,
| >no source, no MSDN example, etc... it all comes down to registry entries.
| >
| >
| >
| >At 10:13 10/3/2003, Tom Liston wrote:
| >><snip>
| >>To the best of my knowledge, there is no third-party add-in that allows JS
| >>to be turned on and off easily.  I looked into writing one, but I'm not
| >>even sure it is possible.  Changing stuff in the registry on the fly
| >>doesn't seem to work, because IE doesn't check the registry each time
| >>before it attempts to run JS code...  only on start up.
| >>
| >>Poor, poor, POOR interface design...
| >>
| >>- -TL
| >>
| >>On 2 Oct 2003 at 22:13, warpmedia wrote:
| >>
| >> > Yet again proof that JS & ActiveX should be considered unsafe for general
| >> > browsing and that M$ not catching bugs properly ought to add a zone
| >> > management to the IE taskbar, distribute appropriate .reg patches to add
| >> > security zones that enable JS & ActiveX (separately, granular), and set
| >> > to restricted zone by default. Usability of windows update be damned.
| >>- ---- >8 ---- Snip!
| >>
| >><snip>
| >
| >Joshua MacCraw
| >warpmedia at comcast.net
| >http://mywebpages.comcast.net/jmaccraw
| >_______________________________________________
| >list mailing list
| >list at dshield.org
| >To change your subscription options (or unsubscribe), see:
| >http://www.dshield.org/mailman/listinfo/list
| _______________________________________________
| list mailing list
| list at dshield.org
| To change your subscription options (or unsubscribe), see:

More information about the list mailing list