[37333] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Unofficial Internet Explorer FRAME/IFRAME fix

daemon@ATHENA.MIT.EDU (Thomas Rogg)
Fri Nov 12 12:45:41 2004

X-Envelope-To: <bugtraq@securityfocus.com>
Message-ID: <41940245.7010400@cherryware.de>
Date: Fri, 12 Nov 2004 01:22:29 +0100
From: Thomas Rogg <tr-lists@cherryware.de>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hello list,

http://www.cherryware.de/framefix/

This is a program, which patches the FRAME/IFRAME vulnerability 
described on the mailing list SecurityFocus 
<http://www.securityfocus.com/archive/1/380175> 
(http://www.securityfocus.com/archive/1/380175) on Windows 2000 and XP. 
This vulnerability has been public for a rather short time and is 
already being used by MyDoom.AI and MyDoom.AH to spread themselves.

This patch does just-in-time patching. It does not change any system 
files, but rather installs a program that changes the loaded system 
files' code before a HTML page is loaded. Because of this, the patch is 
easily uninstallable.

Any comments appreciated,

Thomas Rogg


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[37333] in bugtraq

Unofficial Internet Explorer FRAME/IFRAME fix

daemon@ATHENA.MIT.EDU (Thomas Rogg)Fri Nov 12 12:45:41 2004

daemon@ATHENA.MIT.EDU (Thomas Rogg)
Fri Nov 12 12:45:41 2004