|
IE IFRAME Exploit Code Released
A vulnerability in IE can be exploited by having a user go to a web page that has malicious code on it. This uses the handling of certain IFRAME attributes. This exploit DOES NOT work on XP Service Pack 2. For more information see: http://lists.netsys.com/pipermail/full-disclosure/2004-November/028286.html http://secunia.com/advisories/12959/ http://www.k-otik.net/bugtraq/20041102.InternetExplorer.php Sun Java Web Proxy Server Buffer Overflow DoS Sun Java System Web Proxy Server 3.6 SP4 and prior are vulnerable to a boundary condition that can cause buffer overflows that can lead to DoS or potential system access. Upgrade to SP 5 or later. For more information see: http://secunia.com/advisories/13036/ Continued SSH Scanning Reports keep trickling in on SSH brute force scanning, and I see it at my own site. It now uses much more than the 3 or so usernames it started scanning with and I have to think there is some success if these attacks keep persisting. It just shows the importance of a strong password has not gone away with encrypted protocols. If you can, use keys for authentication via ssh, not passwords. Yesterday's diary It was not a real story, it was humor for a slow day. It appears the script kiddies are more interested in hacking voting machines than the Internet today. :) -- John Bambenek / bambenek (at) gmail.com |
John 262 Posts ISC Handler Nov 3rd 2004 |
| Thread locked Subscribe |
Nov 3rd 2004 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
