Nah.. It asks you. As does a crash of Office XP products, like Access 2002. What would really be interesting is to capture this process, and see how/where it is being posted to MS. I wonder if they have stop-gaps in place to prevent the automated flooding of their data warehouse when reproduced for malicous purposes. Hmmm. I think I can crash Access pretty readily- I'll do this and post the results if anyone is interested. AD ----- Original Message ----- From: "PIATT, BRET L (PB)" <bp3847at_private> To: <vuln-devat_private> Sent: Thursday, October 25, 2001 10:13 AM Subject: RE: Fwd: Please post this anonymously (without my email-address and such) > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I do believe its automatic in IE5.5 SP2 and IE6 and has to be > disabled through the registry. I recall some information about this > from somebody on either this list or Bugtraq in the past month. I > can't seem to find the message now, maybe somebody else can? It had > a list of registry keys you need to change to disable this. > > Bret Piatt | Network Security Engineer II | CISSP-CCNP-CCDP > SBC DataComm | Advanced Security Services Group | SCNA-RHCE-MCP > > > - -----Original Message----- > From: Chris Carey [mailto:chrisat_private] > Sent: Wednesday, October 24, 2001 2:48 PM > To: vuln-devat_private > Subject: Re: Fwd: Please post this anonymously (without my > email-address and such) > > > After a crash, IE Bug Reporting requires you to click a button to > actually send the bug report. I dont believe it is automatic, like > John Doe suggested. > > So I guess from here lets add the 'Spoof the Screen' IE vuln into the > mix and trick them into sending the report > > At this point I dont see this scenario as a threat. > > Chris > > - ----- Original Message ----- > From: "Mike DeGraw-Bertsch" <mbertschat_private> > To: "Blue Boar" <BlueBoarat_private> > Cc: <vuln-devat_private> > Sent: Wednesday, October 24, 2001 8:51 AM > Subject: Re: Fwd: Please post this anonymously (without my > email-address and > such) > > > > An interesting thought, though you'd have to get the virus to > > propogate prior to Outlook crashing. Otherwise you'd have to send > > a heck of a lot of messages yourself. > > > > -Mike > > > > On Tue, 23 Oct 2001, Blue Boar wrote: > > > > > > A few of my co-workers and I were just discussing the new error > reporting > > > > functions of Internet Explorer, and we came up with a nasty > > > > idea for a > virus > > > > utilizing that function as a method of causing a DoS. The idea > > > > is to > write > > > > a virus that propagates through email (nothing new here) and > > > > exploits Outlook and Outlook Express to achieve that > > > > propagation. This virus > would > > > > essentially cause the autopreview pane of Outlook to open > > > > viewing some > type > > > > of HTML/ASP, etc in a way that would cause IE to crash when > > > > attempting > to > > > > sort it. At that point, with the more recent releases of IE, > > > > there > would be > > > > an automatic initiation of debug data sent to Microsoft, > > > > through using > DNS > > > > to resolve. > > > > > > > > Obvious effects would be a likely DoS on business networks and > > > > on Microsoft's debug servers. Other effects could include > > > > difficulty in reaching and downloading patches for the > > > > vulnerabilities in the > software (if > > > > Microsoft patch servers are utilizing the same WAN link as the > > > > debug servers), as well as possible effects upon DNS servers, > > > > especially at Microsoft. In addition, as has already been > > > > talked about, an enormous amount of private information > > > > possibly stored on the debugs would be forwarded as well. I > > > > would imagine that this type of virus could also effect other > > > > kinds of "bugzilla" services. > > > > > > > > Just a thought... > > > > > > > -----BEGIN PGP SIGNATURE----- > Version: PGP 7.0 > > iQA/AwUBO9hIHl+IxmqPU329EQKBzwCfc6l4kOAUm9GFXwVsJBDITj0lhTYAn1yq > AaQke/iHCyHCPM49/N2PpjMK > =CUDB > -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Thu Oct 25 2001 - 12:12:19 PDT