IE 5.5 SP2 incident

From: Jose Romeo Vela (jrvelaat_private)
Date: Fri Sep 21 2001 - 06:48:44 PDT

    I came across something that makes me think that IE 5.5 SP2 is still
    vulnerable to NIMDA.
    
    Although I hardly use IE, since I prefer Netscape, I still have IE on
    my PC. I updated my IE 5.5 to SP2 to avoid the vulnerability and I
    decided to test it. It is my understanding that the patch does not
    automatically store files sent by an exploit such as NIMDA's. I looked at
    my web server logs (Linux/Apache, it rocks!) and picked one of the IP
    addresses that were trying to hit me. I opened Netscape with this URL and
    got asked if I wanted to save the readme.eml (as expected). I tried the
    same thing with IE 5.5 SP2 and my anti-virus went bananas with
    instances of NIMDA in the cache directory.
    
    IE 5.5 SP2 never asked me if I wanted to save the file. Apparently MS,
    in their infinite wisdom, caches the file right away.
    
    When the AV kicked in, several infected files got deleted; however, it
    failed to delete one file, indicating that it could not be found in the
    directory. I then went looking for readme.exe and readme.eml and I
    could not find any instances. However, there was a file called
    readme[1].eml in the cache. The AV does not bitch about this file.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
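The post's observation is that the browser cache held a renamed copy, readme[1].eml, that the scanner did not flag. As an added example (not from the poster or SecurityFocus), the following checks a set of cache entries for readme.eml/readme.exe names including the "[n]" duplicate suffix, and parses each .eml with Python's standard email module to report executable attachments. The sample message and file names are constructed placeholders, not real malware.

```python
import re
from email import message_from_bytes
from email.policy import default

# Matches readme.eml / readme.exe and the browser's duplicate-name
# variants such as readme[1].eml that the poster found in the IE cache.
CACHE_NAME_RE = re.compile(r"^readme(\[\d+\])?\.(eml|exe)$", re.IGNORECASE)

def is_suspect_cache_name(name: str) -> bool:
    """True for readme.eml, readme.exe and their [n]-suffixed duplicates."""
    return CACHE_NAME_RE.match(name) is not None

def executable_attachments(eml_bytes: bytes) -> list[str]:
    """Return attachment file names with executable extensions in a MIME message."""
    msg = message_from_bytes(eml_bytes, policy=default)
    found = []
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith((".exe", ".com", ".scr", ".pif")):
            found.append(fname)
    return found

def scan_cache(entries: dict[str, bytes]) -> dict[str, list[str]]:
    """entries maps cache file name -> file bytes.

    Returns the flagged names with the executable attachments each carries
    (a bare readme.exe is flagged on its name alone)."""
    flagged = {}
    for name, data in entries.items():
        if not is_suspect_cache_name(name):
            continue
        attachments = executable_attachments(data) if name.lower().endswith(".eml") else [name]
        if attachments:
            flagged[name] = attachments
    return flagged

# Constructed sample: a minimal MIME message whose attachment is named
# readme.exe but contains only the text "PLACEHOLDER" (base64-encoded).
SAMPLE_EML = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/html\r\n\r\n<html></html>\r\n"
    b'--b1\r\nContent-Type: application/octet-stream; name="readme.exe"\r\n'
    b'Content-Disposition: attachment; filename="readme.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nUExBQ0VIT0xERVI=\r\n"
    b"--b1--\r\n"
)
# Constructed cache listing: the renamed copy plus an unrelated page.
SAMPLE_CACHE = {"readme[1].eml": SAMPLE_EML, "index[1].htm": b"<html></html>"}
```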
    



    This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 09:03:59 PDT