Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » New MSIE vulnerability

New MSIE vulnerability

by Nikola Strahija on March 16th, 2002 A Microsoft Internet Explorer vulnerability was found by GreyMagic (http://security.greymagic.com/adv/gm001-ie/). With IncrediMail, it's possible to gain a remote access on a computer.


Incredimail save automatically email attachements in this directory
(on Windows 2000 Professionnal) :
C:Program
FilesIncrediMailDataIdentities{42D00B20-479C-11d4-9706-00105A40931C}Message
StoreAttachments

So if you send an html email with the GreyMagic vulnerability and a
trojan in attachments, it will be save in this directory.

The html mail contains this code :






]]>




So, the trojan is executed automatically.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »