[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] JPG worm!

To: Aaron Horst <anthrax101@xxxxxxxxx>
Subject: Re: [Full-Disclosure] JPG worm!
From: Nicolas Montoza <xonico@xxxxxxxxx>
Date: Wed, 22 Sep 2004 15:44:18 -0300

wode.jpg it has a vulnerability jpg MS04-28 
http://www.theinquirer.net/?article=18585
news.htm it has a vulnerability object data
http://www.securityfocus.com/archive/1/358862


On Mon, 20 Sep 2004 17:59:30 -0400, Aaron Horst <anthrax101@xxxxxxxxx> wrote:
> Interesting. It would appear to not be a JPEG worm, but rather to be
> the regular old CHM exploits. The interesting thing about it is that
> it simply calls a link that was posted to FD last week.
> 
> The JPG is simply HTML, which loads http://www.xf*s.com/msn/1.jpg into
> the main page, with http://www.xf*s.com/msn/news.htm in an iframe.
> (Note: Change * to 2, to protect the unpatched IE users). I'm not sure
> why that would be processed...
> 
> However, news.htm was plugged by Nicolas Montoza <xonico@xxxxxxxxx> last week:
> http://lists.netsys.com/pipermail/full-disclosure/2004-September/026475.html
> 
> AnthraX101
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 



-- 
 D. Nicolas Montoza T.  < xonico@xxxxxxxxx >
 Security Research & Development
 PGPkey 0x564034EC Available at KeyServ
 BEF5 1795 BFCC DB2C 0BEF 92BD 0162 885F 5640 34EC

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] JPG worm!
  - From: bipin gautam
- Re: [Full-Disclosure] JPG worm!
  - From: Aaron Horst

Prev by Date: Re: [Full-Disclosure] Computer security and Sex
Next by Date: [Full-Disclosure] New GDI exploit
Previous by thread: Re: [Full-Disclosure] JPG worm!
Next by thread: Re: SV: [Full-Disclosure] JPG worm!
Index(es):
- Date
- Thread