-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I do believe its automatic in IE5.5 SP2 and IE6 and has to be disabled through the registry. I recall some information about this from somebody on either this list or Bugtraq in the past month. I can't seem to find the message now, maybe somebody else can? It had a list of registry keys you need to change to disable this. Bret Piatt | Network Security Engineer II | CISSP-CCNP-CCDP SBC DataComm | Advanced Security Services Group | SCNA-RHCE-MCP - -----Original Message----- From: Chris Carey [mailto:chrisat_private] Sent: Wednesday, October 24, 2001 2:48 PM To: vuln-devat_private Subject: Re: Fwd: Please post this anonymously (without my email-address and such) After a crash, IE Bug Reporting requires you to click a button to actually send the bug report. I dont believe it is automatic, like John Doe suggested. So I guess from here lets add the 'Spoof the Screen' IE vuln into the mix and trick them into sending the report At this point I dont see this scenario as a threat. Chris - ----- Original Message ----- From: "Mike DeGraw-Bertsch" <mbertschat_private> To: "Blue Boar" <BlueBoarat_private> Cc: <vuln-devat_private> Sent: Wednesday, October 24, 2001 8:51 AM Subject: Re: Fwd: Please post this anonymously (without my email-address and such) > An interesting thought, though you'd have to get the virus to > propogate prior to Outlook crashing. Otherwise you'd have to send > a heck of a lot of messages yourself. > > -Mike > > On Tue, 23 Oct 2001, Blue Boar wrote: > > > > A few of my co-workers and I were just discussing the new error reporting > > > functions of Internet Explorer, and we came up with a nasty > > > idea for a virus > > > utilizing that function as a method of causing a DoS. The idea > > > is to write > > > a virus that propagates through email (nothing new here) and > > > exploits Outlook and Outlook Express to achieve that > > > propagation. This virus would > > > essentially cause the autopreview pane of Outlook to open > > > viewing some type > > > of HTML/ASP, etc in a way that would cause IE to crash when > > > attempting to > > > sort it. At that point, with the more recent releases of IE, > > > there would be > > > an automatic initiation of debug data sent to Microsoft, > > > through using DNS > > > to resolve. > > > > > > Obvious effects would be a likely DoS on business networks and > > > on Microsoft's debug servers. Other effects could include > > > difficulty in reaching and downloading patches for the > > > vulnerabilities in the software (if > > > Microsoft patch servers are utilizing the same WAN link as the > > > debug servers), as well as possible effects upon DNS servers, > > > especially at Microsoft. In addition, as has already been > > > talked about, an enormous amount of private information > > > possibly stored on the debugs would be forwarded as well. I > > > would imagine that this type of virus could also effect other > > > kinds of "bugzilla" services. > > > > > > Just a thought... > > > -----BEGIN PGP SIGNATURE----- Version: PGP 7.0 iQA/AwUBO9hIHl+IxmqPU329EQKBzwCfc6l4kOAUm9GFXwVsJBDITj0lhTYAn1yq AaQke/iHCyHCPM49/N2PpjMK =CUDB -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Thu Oct 25 2001 - 11:49:50 PDT