hole in Inet Explorer

From: Cacaio Torquato (cacaioat_private)
Date: Tue Nov 04 1997 - 05:02:38 PST


                                  Ghosting

   This page is a description of a ghosting attack and flaw on Internet
   Explorer 4.

   Internet Explorer 4 has a flaw that allows an applet to write to its
   desktop or to other windows. The following is a description (in
   sequence) of the ghosting attack, which is done by a test applet that
   draws a white (colour of a ghost) image on the screen.
   1. The victim visits the page.
   2. The applet is loaded.
   3. The applet fails to work. The applet seems to be stuck at the
      initialisation process.
   4. The victim thinks that he/she has just loaded another badly coded
      applet.
   5. The victim then closes the browser associated with the "bad" applet.
   6. The applet starts attacking the active window, the desktop or Start
      menus, usually after the victim clicks a mouse button.

   The following are the symptoms on Internet Explorer 4 on a Pentium PC:
     * White pixels will flood the whole desktop.
     * White pixels will flood the menu bar/Start button.
     * White pixels will try to flood the active window, but not 100%
       successfully.
     * Victims may not see their mouse cursor.
     * Victims cannot see where they are clicking or where to click.

   Here are several screen captures of the symptoms:
   Symptom No 1 (Desktop view): Desktop flooded, Start menu nearly flooded

   Symptom No 2 (Internet Explorer 4 view): web page area and rebar menu
   contents flooded, rebar nearly flooded

   The following are test results on different installations of Internet
   Explorer 4:

   Browser                                  WAD   Ghost Appears?
   Internet Explorer 4.0/Win95              X     X
   Internet Explorer 4.0/Win95              O     ?
   Internet Explorer 4.01/Win95(Upgrade)    X     X
   Internet Explorer 4.01/Win95             O     O
   Internet Explorer 4.01/Win95             X     X
   Internet Explorer 4.0/Win/WinNT3.x       ?     ?
   Internet Explorer 4.0/Mac                ?     ?

   WAD - With Active Desktop Component installed?
   X - Yes
   O - No

   From the above results we can see that this flaw only exists for
   installations of Internet Explorer 4 together with the Active Desktop
   Component. Otherwise Internet Explorer is safe from the attack.

   Recovery:
     * Those familiar with Windows will try to "end task" the explorer by
       using the famous CTRL+ALT+DEL.
     * However, most victims will restart their computer.
     * Such victims should log off and log in again for a fast recovery.

                           Cacaio

     Personal Page: http://www.a-vip.com/cacaio
 The Death Knights group: http://www.deathsdoor.com/tdk

+-------------------------------------------------------+
|         BrasNet IRC Servers Network - Brazil          |
|         irc.brasnet.org   irc.webtech.com.br          |
+-------------------------------------------------------+

                 Tragic Bombs:
                 Hiroshima'45
                 Chernobyl'86
                  Windows'95



This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:50:39 PDT