Unofficial Internet Explorer FRAME/IFRAME fix

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Unofficial Internet Explorer FRAME/IFRAME fix
From: Thomas Rogg <tr-lists@xxxxxxxxxxxxx>
Date: Fri, 12 Nov 2004 01:22:29 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: cherryware.de
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040803

Hello list,

http://www.cherryware.de/framefix/

This is a program, which patches the FRAME/IFRAME vulnerabilitydescribed on the mailing list SecurityFocus<http://www.securityfocus.com/archive/1/380175>(http://www.securityfocus.com/archive/1/380175) on Windows 2000 and XP.This vulnerability has been public for a rather short time and isalready being used by MyDoom.AI and MyDoom.AH to spread themselves.

This patch does just-in-time patching. It does not change any systemfiles, but rather installs a program that changes the loaded systemfiles' code before a HTML page is loaded. Because of this, the patch iseasily uninstallable.


Any comments appreciated,

Thomas Rogg

Prev by Date: Re: Unsecure Ftpd on HP PSC 2510 Printer
Next by Date: Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems
Previous by thread: Contact in HP related to OpenView / Coda
Next by thread: Security flaw in ALCATEL/THOMSON Speed Touch Pro ADSL modems
Index(es):
- Date
- Thread