#######################################################################

Luigi Auriemma

Application: Half-Life engine
http://half-life.sierra.com
http://www.steampowered.com
Versions: before the 07 July 2004 (both Steam and not-Steam)
P

[ more ]  [ reply ]

Note: This vulnerability and many more can be found at http://www.greyhats.cjb.net

SimliarMethodNameRedir

Automatic Remote Compromise

[Tested]

IEXPLORE.EXE file version 6.0.2800.1106

MSHTML.DLL file version 6.00.2800.1400

Microsoft Windows XP sp2

[Discussion]

At first I thought this

[ more ]  [ reply ]

Note: This vulnerability as well as several more can be found at http://www.greyhats.cjb.net

Outlook Express Window Opener Script Execution Vulnerability

[Tested]

Microsoft Outlook Express version 6.0.2800.1123.

Microsoft Windows XP sp2

[Discussion]

Microsoft Outlook Express is prone

[ more ]  [ reply ]

<!--

Microsoft just disabled those functions from
being called when the mouse button is down and called it
patched. No more hijackclick,
right?

Wrong.

-->

This is absolutely fantastic Paul, with a patented double-click
of the mouse we can remotely take over the target's computer:

Just sub

[ more ]  [ reply ]

SUBJ: MOZILLA: SHELL can execute remote EXE program
DATE: 2004/07/09
FROM: Liu Die Yu <liudieyu AT umbrella D0T name>
############################################################
[START] Advisory
############################################################

COPYRIGHT
---------
This Advisory is Co

[ more ]  [ reply ]

This is an open bug. (One which is rather disturbing, so I am
not sure why Microsoft has chosen to not fix it.)

Date: 21 October 2001
http://www.guninski.com/popspoof.html

"Demonstration:

Image moving over download/open dialog:
http://www.guninski.com/opf2.html "

> -----Original Message--

[ more ]  [ reply ]

Note: This vulnerability as well as several more can be found at http://www.greyhats.cjb.net

HijackClick 3!!!

Took the name from Liu Die Yu :)

[Tested]

IEXPLORE.EXE file version 6.0.2800.1106

MSHTML.DLL file version 6.00.2800.1400

Microsoft Windows XP sp2

[Discussion]

The HijackCli

[ more ]  [ reply ]

I just wrote a small poem in JScript:

<SCRIPT language="javascript">

MSIE = window.open; // for hackers to come in
for (every_bug_found in MSIE) { /* there are zillions more hiden */ }

</SCRIPT>

Ok, so it doen't rhyme... but it is another null-pointer exception DoS in MSIE 6.0sp1 (fully patc

[ more ]  [ reply ]

Note: This vulnerability as well as several more can be found at http://www.geryhats.cjb.net

Media Preview Script Execution Vulnerability

[Tested]

MSDXM.DLL file version 6.4.09.1128

Microsoft Windows 2000

[Discussion]

By using the windows media player control, media can be played in

[ more ]  [ reply ]

Note: This vulnerability as well as several more can be found at http://www.greyhats.cjb.net

Download Window Filename + Filetype Spoofing Vulnerability

[Tested]

IEXPLORE.EXE file version 6.0.2800.1106

MSHTML.DLL file version 6.00.2800.1400

Microsoft Windows XP sp2

[Discussion]

When

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bugzilla Security Advisory
July 10, 2004

Summary
=======

Bugzilla is a Web-based bug-tracking system, used by a large number of
software projects.

This advisory covers security bugs that have recently been discovered
and fixed in the Bugzilla code: I

[ more ]  [ reply ]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]

In-Reply-To: <40EEE9C0.4040108 (at) mojohosting (dot) com [email concealed]>

>The same thing happens with classic mail bombs like 42.zip, NAV can't

>handle them.

>

>Alan Parks

42.zip was a arc. BOMB and a different story... It's similar to my WinRar advisory that date back, 2003.

Well, within few seconds... after t

[ more ]  [ reply ]

I am proud to announce the availability of p0f 2.0.4, a passive OS
fingerprinter (and more). Since 2.0.1 (announced here over a year
ago), p0f has gained features such as:

- RST+ACK (connection refused) fingerprinting,
- Official SYN+ACK (outgoing connection) fingerprinting support,
- Sophist

[ more ]  [ reply ]

[For the list of the most used Trojan horses in drone armies for June/July,
2004, please skip to the end of this email message.]

I figured a list of this nature once in a while (maybe quarterly or monthly
depending on the changing threats) can be useful to some administrators who
wish to actively c

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi y'all,
I have not found the contact address for microsoft jvm
security issues, therefore maybe someone who reads
bugtraq can forward this:
in the Microsoft (R) VM for Java, 5.0 Release 5.0.0.3810
the implementation of some core system classes allows

[ more ]  [ reply ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: ethereal
Advisory ID:

[ more ]  [ reply ]

How did you find this? Did someone email this to you? Did
you discover this variation?

(Being that the original bug was mine, I have some interest
in a new variation being exploited by spammers... especially
if it was genuinely found in the wild.)

And, why is Microsoft ignoring this bug? If you f

[ more ]  [ reply ]

Norton Antivirus 2004 Confirmed Vulnerable, Pegged CPU on a 3ghz machine for indefinate amount of time scanning.

Eric

-----Original Message-----
From: Bipin Gautam [mailto:visitbipin (at) hotmail (dot) com [email concealed]]
Sent: Thursday, July 08, 2004 5:47 PM
To: bugtraq (at) securityfocus (dot) com [email concealed]
Subject: Norton AntiVirus Denial

[ more ]  [ reply ]

<!--

Outlook 2000 and 2003 allow execution of remote web pages
specified within the data property of OBJECT tags when there is
no closing /OBJECT

-->

This reminds me of something I saw the other day. The following
and a variety of variations will work in Outlook Express
[probably IE as wel

[ more ]  [ reply ]

The following advisory is also available in pdf for download at
http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf

CYBSEC S.A.
www.cybsec.com

Advisory Name: Denial of Service in WebSphere Edge Server.
Vulnerability Class: Denial of Service
Release Date: June 2nd 2004
Affected Application

[ more ]  [ reply ]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]

yet another important message appeared at fd, but not at bugtraq:
http://seclists.org/lists/fulldisclosure/2004/Jul/0333.html
it leads to:
http://www.mozilla.org/security/shell.html

you guys must monitor fd :-P

it cost me$$ N months to turn off codeBase - a smiliar issue in IE, but
mozilla made

[ more ]  [ reply ]

==============================================
Microsoft Word Email Object Data Vulnerability
==============================================

==============================================
Summary:
==============================================
Outlook 2000 and 2003 allow execution of remote web pa

[ more ]  [ reply ]