Domain: 62.131.86.111
Stories and comments across the archive that link to 62.131.86.111.
Comments · 6
-
Re:IE Download.Ject Exploit *not* fixed
Supposedly a simple rewrite of the exploit code allows it to work even after the patch is installed. Here is a link to a proof of concept exploit that was posted by "Jelmer" to the full disclosure list.
-
Re:IE of course
It's not IE's fault - it's the fault of stupid users.
If you believe that, you are no further ahead than the people you reference.
An analysis of the 180 Solutions Trojan.
A NTBugtraq post with info.
There are many many other sources of info that describe how software and malware get onto your computer using combinations of holes in Windows and IE that does not present the user an acceptance screen. The links referenced are just a sample of what is out in the wild, they are not exceptions, they are the norm.
The only way this will stop is by educating users
I hear ya.. -
Re:Perhaps It Belongs in the OS
Microsoft does patch their OS quickly. The only problem is that many many people don't install the patches they provide. The vulnerability that CodeRed exploited was patched three months before the worm was released. The only reason it caused so many issues was because of incompetent Windows sysadmins.
Have you heard of this Outlook 2003 vulnerability (Script Execution Vulnerability) ?
It was discovered on May 17, but no patche today.
And this Internet Explorer exploit does no have a patche too.
If you look at this, you'll see that it took them more than 6 monts to release their patche on the LSAS vulnerability (used by Sasser).
Is that what you call "patch their OS quickly" ? -
Re:There's a big difference...
The author of the exploit, if you bothered to RTFA, said he only found it because he came across a web site which was using it.
Boo-yah! -
Re:Nothing is
"and when we finally remove the Script encoding it looks like this which we immediately recognize as the adodb.stream issue I reported on Aug 26 2003!! (red. Microsoft where's the patch??)"
source -
Exploit analysisAs it is not directly linked by the story, in http://62.131.86.111/analysis.htm there is an analysis of the exploit that looks very helpful to understand why and how it works.
As always, are from the start design problems the ones exploited here, artificial solutions like separating internet in "zones" (local, trusted, etc) are just patches that don't resolve the core problem so it still have more holes that a swiss cheese.