suryad, posted November 29, 2005
http://www.computerterrorism.com/research/ie/poc.htm
Use IE and FF to try it. Here is a link to the Proof of Concept [computerterrorism.com] page, which will launch an instance of calc.exe if you're vulnerable. I found out I am vulnerable... A lot of people disagree with my assessment of MS's security issues..... but this proves my point once and for all. There are lots and lots of holes, and known holes at that, in the OS. Shouldn't MS be taking a better stance on security? Let's hope Vista is not prey to this attack!! On that note, if anyone has Vista it would be great if you could give it a whirl. X64 users also please attempt and post your results.
I didn't know where else to put this post so I put it in this forum. Give it a whirl, people!
Synapse, posted November 29, 2005
Windows XP Home SP1 (all updates up to service pack 2)
Internet Explorer: Opened Calc in a matter of seconds.
Firefox 1.0.7: Displayed a box with a bunch of question marks in it.. pretty much just slowed down my browser.
Jeremy, posted November 29, 2005 (edited)
I tried it in Opera v8.51 and it opened a small empty window with "CT" in the title.
Edited November 29, 2005 by Jeremy
Zxian, posted November 29, 2005
Like Jeremy, here in Opera, it opened a window called CT... and then Trend Micro went nuts. In IE, the page wouldn't even load, since Trend Micro caught something nasty. (a .jar file - understandable that it's Javascript)
The page loads in Firefox, and when I go to run it... a second window appears and then Firefox freezes.
cluberti, posted November 29, 2005
XP SP2 fully patched - Internet Explorer crashed when running the code, but no calculator. Also, Trend A/V went nuts (which likely is what caused IE to crash).
I know we like to knock Microsoft about security vulnerabilities, but Windows (and thus, IE) is a quite complex basket of code. I think it's a little disingenuous when a security firm finds an exploit, and rather than let the vendor know beforehand, posts the exploit to the wild. Instead of contacting Microsoft and giving them time to fix the exploit, let's make everyone unsafe by releasing the exploit to all of the script kiddies of the world. Yes, IE is vulnerable - but are we less or more safe now that this "security firm" released the exploit code to the wild before letting the vendor know of the problem?
Solid as a rock, posted November 29, 2005 (edited)
I have given it a try too with Opera 8.51 and XP SP2 with all hotfixes. Kaspersky immediately pops up with a warning and question to remove it or keep it. Nothing happened further.
Edit: tried with IE6 and the same popup from Kaspersky too. I don't use FF so I can't test that but I believe Kaspersky defends it too..
Edited November 29, 2005 by SolidasRock
net_user, posted November 29, 2005 (edited)
xp sp2 fully patched
McAfee 8.oi
firefox nothing.... locks up/crashed
ie... no calculator..... see pic
Edited November 29, 2005 by net_user
Phyridean, posted November 29, 2005
WinXP SP2, all hotfixes
Windows OneCare
Maxthon browser
I had no problem, except a script prompt that needed to be clicked five times (both "ok" and "cancel" tried)
No calc.exe
And my browser continued working after I closed the script prompt.
Martin L, posted November 29, 2005
nice and tight browser crash here...
Daemonforce, posted November 30, 2005 (edited)
Windows XP MCE 2005 no hotfixes. I clicked OK on the prompt a few times and when I decided to move it around on the screen, BAM! IE crash.
*clicks don't send*
Ok now Dr. Watson crashed and sat in the background along with IE until I decided to kill it.
o_O
Edited November 30, 2005 by Daemonforce
mark, posted November 30, 2005
That was fun. XP Pro SP2, hotfixes, nlited, no AV, ZoneAlarm, FF. Kablam! Locked FF up nice and tight. Two things I noticed when I went to the site: (1) My monitor flickered when I went to the site, (2) a Firefox 'about:' window had also opened with nothing in it after clicking the appropriate link.
DL
EchoNoise, posted November 30, 2005
Nothing happened to me... Fedora Core
Hey.. somebody had to test it... hahaha
Phyridean, posted November 30, 2005
I tried the same thing as in my last post in this topic, except using iexplore.exe instead of maxthon.exe. Same result, except IE crashed afterwards.
Zxian, posted November 30, 2005
"Nothing happened to me... Fedora Core
Hey.. somebody had to test it... hahaha"
lmao... Cheeky jerk...
Solid as a rock, posted November 30, 2005
"I have given it a try too with Opera 8.51 and XP SP2 with all hotfixes. Kaspersky immediately pops up with a warning and question to remove it or keep it. Nothing happened further.
Edit: tried with IE6 and the same popup from Kaspersky too. I don't use FF so I can't test that but I believe Kaspersky defends it too.."
I have tried the test again with Kaspersky disabled, Opera 8.51 still does nothing. IE6 freezes up and nothing more...