[6576] in bugtraq
hole in Inet Explorer
daemon@ATHENA.MIT.EDU (Cacaio Torquato)
Wed Apr 22 20:47:27 1998
Date: Tue, 4 Nov 1997 11:02:38 -0200
Reply-To: Cacaio Torquato <cacaio@GEOCITIES.COM>
From: Cacaio Torquato <cacaio@GEOCITIES.COM>
To: BUGTRAQ@NETSPACE.ORG
Ghosting
This page is a description of a ghosting attack and flaw on Internet
Explorer 4.
Internet Explorer 4 has a flaw that allows an applet to write to its
desktop or to other windows. The following is a description (in
sequence) of the ghosting attack, which is carried out by a test applet
that draws a white (the colour of a ghost) image on the screen.
1. The victim visits the page.
2. The applet is loaded.
3. The applet fails to work. The applet seems to be stuck at the
   initialisation process.
4. The victim thinks that he/she has just loaded another badly coded
   applet.
5. The victim then closes the browser associated with the "bad" applet.
6. The applet starts attacking the active window, the desktop or the
   Start menus, usually after the victim clicks a mouse button.
The following are the symptoms on Internet Explorer 4 on a Pentium PC:
* White pixels will flood the whole desktop.
* White pixels will flood the menu bar/Start button.
* White pixels will try to flood the active window, but not 100%
  successfully.
* Victims may not see their mouse cursor.
* Victims cannot see where they are clicking or where to click.
Here are several screen captures of the symptoms:
Symptom No 1 (Desktop view): desktop flooded, Start menu nearly flooded
Symptom No 2 (Internet Explorer 4 view): web page area and rebar menu
contents flooded, rebar nearly flooded
The following are the test results on different installations of
Internet Explorer 4:

Browser                                  WAD   Ghost Appears?
Internet Explorer 4.0/Win95              X     X
Internet Explorer 4.0/Win95              O     ?
Internet Explorer 4.01/Win95(Upgrade)    X     X
Internet Explorer 4.01/Win95             O     O
Internet Explorer 4.01/Win95             X     X
Internet Explorer 4.0/Win/WinNT3.x       ?     ?
Internet Explorer 4.0/Mac                ?     ?

WAD - With Active Desktop Component installed?
X - Yes
O - No
From the above results we can see that this flaw only exists for
installations of Internet Explorer 4 together with the Active Desktop
Component. Otherwise Internet Explorer is safe from the attack.
Recovery:
* Those familiar with Windows will try to "end task" the Explorer by
  using the famous CTRL+ALT+DEL.
* However, most victims will restart their computer.
* Such victims should log off and log in again for a fast recovery.
Cacaio
Personal Page: http://www.a-vip.com/cacaio
The Death Knights group: http://www.deathsdoor.com/tdk
+-------------------------------------------------------+
| BrasNet IRC Servers Network - Brazil |
| irc.brasnet.org irc.webtech.com.br |
+-------------------------------------------------------+
Tragic Bombs:
Hiroshima'45
Chernobyl'86
Windows'95