There is no point to the HTA stuff, this is just a plug for HTAStop /
BOClean.
The scenario presented involves first running a trojan on the user's
machine, which then enables arbitrary webpages to use HTML Applications
(HTA) directly.
The problem is not HTA, but the trojan that lowers your security
settings enough to enable insecure HTA from secure zones.
Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
-----Original Message-----
From: Larry Seltzer [mailto:larry (at) larryseltzer (dot) com]
Sent: Tuesday, July 29, 2003 6:28 PM
To: focus-ms (at) securityfocus (dot) com
Subject: HTASploit
An IE exploit is alleged at
http://www.spywareinfo.com/articles/htasploit/ "that allows trojans and
other malicious software to be introduced onto a machine via Internet
Explorer despite security settings."
I won't bother repeating all the details here, but wonder: If the
exploit presumes that a malicious ActiveX control runs on the system and
executes MSHTA.EXE from the Windows folder, what is the point of the HTA
stuff? Once you get a malicious ActiveX control on the system anything's
possible. Am I wrong?
Larry Seltzer
Editor
Ziff Davis Security SuperSite
http://security.ziffdavis.com/
larryseltzer (at) ziffdavis (dot) com
------------------------------------------------------------------------
---
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the only company that provides a complete suite of Web
application security products.
Download a FREE whitepaper on "Security Policy Automation for Web
Applications":http://www.securityfocus.com/Kavado-focus-ms
------------------------------------------------------------------------
---