| Author |
Message |
Cheetah
Ultimate Fanboy
Joined: 25 Aug 2003
Posts: 2831
Location: Halfway between the gutter and stars.
|
 Posted:
Thu Sep 23, 2004 1:34 pm |
http://www.mikx.de/scrollbar/
| Quote: |
Drag and release the scrollbar of the page to auto-install "booom.exe" into "shell:startup". It's just an empty file with .exe extension, but it can also be any kind of malware.
This is a combination of several known bugs, especially the "What A Drag" exploit by http-equiv (http://lists.netsys.com/pipermail/full-disclosure/2004-August/025471.html).
The scrollbar is for real, but above lies a image hidden by an opacity filter that gets dragged as soon as you try to drag the scrollbar. In addition the drop area is only a few pixels in size and automaticly follows the mouse position (the little white square appearing while dragging).
A (pretty dumb) javascripts emulates the real scrollbar behavior and moves the page up and down. An average user probably won't recognize any difference or that he installed a file while dragging the scrollbar. After the the installation the script disables itself and the scrollbar behaves as normal. Refresh the page to run it again.
Tested and working using Internet Explorer 6 on both Windows XP SP1 and Windows XP SP2. If SP2 is installed you can work around this vulnerability by disabling "binary behaviors" in the new IE activex settings.
Update: Users reported the demo still working after disabling "binary behaviors". Disable "active scripting" in this case.
mikx |
so this mikx guy script is not so bad, the file is harmless, but it could contain a viruss.. or pr0n..
in firefox this is no problem, but IE sucks.
even if you ahve SP2 it will mess ay up.. |
_________________
<CrashOverwrite> ask Raven cause he nevaR knows anything.
<Cheetah01> hes nevaR here either 
<CrashOverwrite> true
<Rachel> |
|
|
|
|
Burgess
UO Staff
Joined: 17 May 2003
Posts: 542
Location: Almost Heaven WV, USA
|
| Posted:
Thu Sep 23, 2004 4:25 pm |
| Quote: |
| disabling "binary behaviors" |
Thanx I will try this when I get home. |
_________________
"Power without perception is spiritually useless and therefore of no true value." - Ryuukin Father to Ken, Jagi, and Raoh |
|
|
|
|
Cheetah
Ultimate Fanboy
Joined: 25 Aug 2003
Posts: 2831
Location: Halfway between the gutter and stars.
|
| Posted:
Fri Sep 24, 2004 8:22 am |
dont thank me, i dont even know what it means 
but i mean.. just by dragging down a scrollbar (or so it looks to you) you can infect yourself wiht a virus 
curse you microsoft  |
_________________
<CrashOverwrite> ask Raven cause he nevaR knows anything.
<Cheetah01> hes nevaR here either
<CrashOverwrite> true
<Rachel> |
|
|
|
|
Nem1611
Irix WAnnabe
Joined: 22 Sep 2004
Posts: 143
Location: Livermore, CA
|
| Posted:
Fri Sep 24, 2004 9:47 am |
|
|
|
|
Burgess
UO Staff
Joined: 17 May 2003
Posts: 542
Location: Almost Heaven WV, USA
|
| Posted:
Sat Sep 25, 2004 6:38 pm |
I downloaded FF and have made the switch. Overall it is a very nice browser. |
_________________
"Power without perception is spiritually useless and therefore of no true value." - Ryuukin Father to Ken, Jagi, and Raoh |
|
|
|
|
Cheetah
Ultimate Fanboy
Joined: 25 Aug 2003
Posts: 2831
Location: Halfway between the gutter and stars.
|
| Posted:
Sun Sep 26, 2004 6:37 am |
yeha, firefox is nice, especialy when you customized it to your needs. themes, extensions, buttons, bookmarks, tabbed browsing, and all. you get to know some of the keybinds and stuff. in a few weeks youll be 1 with your browser.. |
_________________
<CrashOverwrite> ask Raven cause he nevaR knows anything.
<Cheetah01> hes nevaR here either
<CrashOverwrite> true
<Rachel> |
|
|
|
|
|
|
