Drew Copley already mentioned how this is the CHM exploit that the Ibiza
exploit relied on.
K-OTiK posted about this in
http://www.securityfocus.com/archive/1/354447 and we posted details of
the Ibiza CHM exploit a few weeks before then on the Unpatched mailing
list ( http://unpatched.pivxlabs.com ).
The Bizex worm also used Unpatched IE vulnerabilities as was detailed in
Implementing proactive security measures such as locking down the My
Computer zone prevents this from having an effect. Both of these issues
were mitigated against months in advance with Qwik-Fix, which has just
been released as Qwik-Fix Pro at the Gartner Symposium/Itxpo 2004
.
Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor (at) pivx (dot) com [email concealed]
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569
PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net>
-----Original Message-----
From: Void [mailto:void (at) sect (dot) net [email concealed]]
Sent: Monday, March 29, 2004 11:15 AM
To: Jelmer; full-disclosure (at) lists.netsys (dot) com [email concealed]; bugtraq (at) securityfocus (dot) com [email concealed]
Subject: Re: new internet explorer exploit (was new worm)
Just wanted to add that Norton Anti-Virus 2004 will detect this exploit
and
pop up a warning, but also fails to halt its execution or protect the
user
in any way.
exploit relied on.
K-OTiK posted about this in
http://www.securityfocus.com/archive/1/354447 and we posted details of
the Ibiza CHM exploit a few weeks before then on the Unpatched mailing
list ( http://unpatched.pivxlabs.com ).
The Bizex worm also used Unpatched IE vulnerabilities as was detailed in
http://www.securityfocus.com/archive/1/355149/2004-02-24/2004-03-01/0
Implementing proactive security measures such as locking down the My
Computer zone prevents this from having an effect. Both of these issues
were mitigated against months in advance with Qwik-Fix, which has just
been released as Qwik-Fix Pro at the Gartner Symposium/Itxpo 2004
.
http://www.pivx.com/press_releases/qwikfixpro_gartner.html
Regards
Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor (at) pivx (dot) com [email concealed]
Phone: +1 (949) 231-8496
PGP: 0x5A276569
6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569
PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net>
-----Original Message-----
From: Void [mailto:void (at) sect (dot) net [email concealed]]
Sent: Monday, March 29, 2004 11:15 AM
To: Jelmer; full-disclosure (at) lists.netsys (dot) com [email concealed]; bugtraq (at) securityfocus (dot) com [email concealed]
Subject: Re: new internet explorer exploit (was new worm)
Just wanted to add that Norton Anti-Virus 2004 will detect this exploit
and
pop up a warning, but also fails to halt its execution or protect the
user
in any way.
Here is what it thinks it is:
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.explo
it.6.html
So there is some measure of warning, but no real protection.
[ reply ]