[Full-Disclosure] Re: IE exploit runs code from graphics?
Joe Stewart
jstewart at lurhq.com
Fri Jun 25 01:57:45 BST 2004
On Thu, 24 Jun 2004 19:02:01, larry at larryseltzer.com wrote:
> From http://www.eweek.com/article2/0,,1617045,00.asp:
>
> "Analysts at NetSec Inc., a managed security services provider, began
> seeing indications of the compromises early Thursday morning and have
> since seen a large number of identical attacks on their customers' networks.
> The attack uses a novel vector: embedded code hidden in graphics on Web
> pages... NetSec officials said the attack seems to exploit a vulnerability
> in Internet Explorer."
This is somewhat misleading. The attack is appending javascript footers to
every file served by the IIS server, including image files. This isn't a new
vector, it's just a side-effect. More information at http://isc.sans.org/
-Joe
--
Joe Stewart, GCIH
Senior Security Researcher
LURHQ http://www.lurhq.com/
Full-Disclosure is hosted and sponsored by Secunia.