cheesysticks
02-10-2002, 07:02 PM
I know a few folk here will be using this "software", but you have to check if it applies to your M$ box.:eek:
Impersonating the victim, spoof messages and spoof e-mail memos to contacts, reading local drive.:angry:
A demo - http://tom.me.uk/msn/demo.html
The problem is not a bug in Messenger, but one in IE, namely the Document.Open() vulnerability discovered in mid-December by ThePull, which allows for cookies to be gathered and documents to be read - Demo http://www.osioniusx.com
There is not yet a patch for this and several other IE holes.
Vulnerable systems include:
Windows 98 SE with IE6 final (fully patched as of Feb 9) and MSN Messenger 4.6.0073
Windows 98 SE with IE6 final and MSN Messenger 3.6.0024
Windows ME with IE6 final (fully patched as of Feb 9) and MSN Messenger 4.5.0127
Windows 2000 with IE6 final (fully patched as of Feb 9) and MSN Messenger 4.6.0071
Windows 2000, IE5.5, MSN Messenger 4.6.00.73
IE flaws still to be patched :
http://jscript.dk/unpatched
Discovered by : security researchers Tom Gilder and Thor Larholm.
surprised???
Impersonating the victim, spoof messages and spoof e-mail memos to contacts, reading local drive.:angry:
A demo - http://tom.me.uk/msn/demo.html
The problem is not a bug in Messenger, but one in IE, namely the Document.Open() vulnerability discovered in mid-December by ThePull, which allows for cookies to be gathered and documents to be read - Demo http://www.osioniusx.com
There is not yet a patch for this and several other IE holes.
Vulnerable systems include:
Windows 98 SE with IE6 final (fully patched as of Feb 9) and MSN Messenger 4.6.0073
Windows 98 SE with IE6 final and MSN Messenger 3.6.0024
Windows ME with IE6 final (fully patched as of Feb 9) and MSN Messenger 4.5.0127
Windows 2000 with IE6 final (fully patched as of Feb 9) and MSN Messenger 4.6.0071
Windows 2000, IE5.5, MSN Messenger 4.6.00.73
IE flaws still to be patched :
http://jscript.dk/unpatched
Discovered by : security researchers Tom Gilder and Thor Larholm.
surprised???