On Fri, 15 Mar 2002 19:50:05 -0800 "madness" <madnessat_private> wrote: > FYI - Norton AV now picks this up. > > > Scan type: Realtime Protection Scan > Event: Virus Found! > Virus name: XMLid.Exploit > File: C:\XXXXX\Local Settings\Temporary Internet > Files\Content.IE5\C9IVKTMJ\simplebind[1].htm > Location: Quarantine > Computer: XXXXXX > User: XXXXXX > Action taken: Clean failed : Quarantine succeeded : Access denied > Date found: Fri Mar 15 19:46:32 2002 > > madness. > Indeed the recent Virii Scanner software pick up this bug. Noticed that the other day too, using some recent version of F-Secure. Encoding the HTML page into Unicode (UTF-16) will help, i.e. $ recode latin1..unicode exploit.html When you now browse this page with IE, the browser will happily accept the input, render it and execute the code -- the Virii scanner on the other hand stays calm, as it obviously doesn't care about Unicode at all. I don't know how and if other Virii scanners are affected by this "workaround", but I can imagine others behave similar to it. -- Jann Fischer <rezineat_private> :: http://www.mistrust.net/rezine.gpg FA8C 3663 9906 D8C3 AC16 F7C4 66E0 F351 6D83 9821
This archive was generated by hypermail 2b30 : Sat Mar 16 2002 - 09:43:59 PST