URGENT! IE6 Flaw - i guarantee you are infect0rizable ph34r - GoFuckYourself.com

ytcracker · 01-28-2004, 02:27 PM

http://secunia.com/Internet_Explorer...oofing _Test/

Description:
hahahahahahahahahaha has identified a vulnerability in Internet Explorer, allowing malicious web sites to spoof the file extension of downloadable files.

The problem is that Internet Explorer can be tricked into opening a file, with a different application than indicated by the file extension. This can be done by hahahahahading a CLSID in the file name. This could be exploited to trick users into opening "trusted" file types which are in fact malicious files.

ytcracker · 01-28-2004, 02:28 PM

side note: this is a phat way to get people to download your dialers 31337

they think this may also be unpatchable i guess

http://www.techworld.com/news/index....ews&NewsID=824

related article

liquidmoe · 01-28-2004, 02:29 PM

Time to stop using IE I guess.

BVF · 01-28-2004, 02:31 PM

damn that will end it....I hope they made the patch already

Furious_Male · 01-28-2004, 02:39 PM

Quote:

In the meantime, despite two weeks' notice, Microsoft has yet to release an official fix, and offers instead only daft advice such as checking the source code for every URL people want to click.

wow.

Its really not funny that this can happen but what the hell is MSN thinking releasing that sort of advise. I wonder if that is official.

ytcracker · 01-28-2004, 02:40 PM

apparently according to this article they are saying it might not be

crazy

Rick Latona · 01-28-2004, 02:43 PM

Ah, the silent toolbar install uncovered.

ytcracker · 01-28-2004, 02:55 PM

Dirty F · 01-28-2004, 02:56 PM

2 words

Fucking install Opera

X-Wing · 01-28-2004, 02:59 PM

Quote:

Originally posted by Battuss
2 words

Fucking install Opera

Actually those are three words.

Dirty F · 01-28-2004, 03:00 PM

Quote:

Originally posted by X-Wing

Actually those are three words.

stfun

Part-timer · 01-28-2004, 03:21 PM

GFY opens much more faster with netscape anyways

Rich · 01-28-2004, 03:22 PM

apple.com/switch

ldinternet · 01-28-2004, 03:24 PM

microsoft.com/fuckthat

Rich · 01-28-2004, 03:24 PM

Quote:

Originally posted by Part-timer
GFY opens much more faster with netscape anyways

You should see how fast it opens in Safari on my dual chip G5.

block · 01-28-2004, 03:25 PM

Time to use opera/mozilla again :/

Rich · 01-28-2004, 03:30 PM

Quote:

Originally posted by ldinternet
microsoft.com/fuckthat

JSA Matt · 01-28-2004, 03:32 PM

I bet it was a spyware programmer that found this.

TheJimmy · 01-28-2004, 03:56 PM

Quote:

Originally posted by Part-timer
GFY opens much more faster with netscape anyways

TheJimmy · 01-28-2004, 03:58 PM

Quote:

Originally posted by Rich
apple.com/switch

and if you don't want to make a HARDWARE switch....lindows.com for lazy people that want a 'insert cd, install, work' type of *nix thang...

jact · 01-28-2004, 04:04 PM

Shocking, a flaw in IE6. Who would have suspected.

ytcracker · 01-28-2004, 04:38 PM

so so so stupid

Smokey The Bear · 01-28-2004, 04:54 PM

Old news . Your welcome though.

Smokey The Bear · 01-28-2004, 04:59 PM

I think your giving the wrong impression of what it can do though.

It cant autorun an executable and that is basically the worst of the worst.

It can trick you into thinking something is safe , but it cant execute it for you.

s9ann0 · 01-28-2004, 05:03 PM

the person that cares a shit about security and uses M$ ware does not exist

Tipsy · 01-28-2004, 05:06 PM

Quote:

Originally posted by spanno
the person that cares a shit about security and uses M$ ware does not exist

A stupid statement by the truly ignorant who love to rant so they can hear their own voice.

skillfull · 01-28-2004, 05:06 PM

haha
use opera ;)
and btw
ive receive some cool 0day info
a friends scanned a subnet for a new flaw he discovered
61/254 remote ownable
you are all fucked

ytcracker · 01-28-2004, 05:24 PM

Quote:

Originally posted by *Smokey The Bear*
I think your giving the wrong impression of what it can do though.

It cant autorun an executable and that is basically the worst of the worst.

It can trick you into thinking something is safe , but it cant execute it for you.

it plays off morons
like most anything

computers are only as good as the idiot at the keyboard

-=HOAX=- · 01-28-2004, 05:28 PM

I'm curious as to how many of you have run the M$ B.S.A. and think you're safe...

myneid · 01-28-2004, 05:34 PM

ms has previously stated that they are no longer developong IE and have disbanded the department. so i'm sure that for them to get a fix anymore takes forever to pull those people off of their projects in their new departments.

its all about mozilla firebird

ytcracker · 01-28-2004, 05:37 PM

Quote:

Originally posted by myneid
ms has previously stated that they are no longer developong IE and have disbanded the department. so i'm sure that for them to get a fix anymore takes forever to pull those people off of their projects in their new departments.

its all about mozilla firebird

tru gangstas use lynx
i surf the hun with lynx

pornstar2pac · 01-28-2004, 05:37 PM

webTV baby- FULL PROOF

Smokey The Bear · 01-28-2004, 05:47 PM

Quote:

Originally posted by spanno
the person that cares a shit about security and uses M$ ware does not exist

Why are your sites pr so low ?

Want some help ?

01-28-2004, 02:27 PM	#1
ytcracker stc is the greatest Join Date: Dec 2002 Location: rip sean murray Posts: 12,403	URGENT! IE6 Flaw - i guarantee you are infect0rizable ph34r http://secunia.com/Internet_Explorer...oofing _Test/ Description: hahahahahahahahahaha has identified a vulnerability in Internet Explorer, allowing malicious web sites to spoof the file extension of downloadable files. The problem is that Internet Explorer can be tricked into opening a file, with a different application than indicated by the file extension. This can be done by hahahahahading a CLSID in the file name. This could be exploited to trick users into opening "trusted" file types which are in fact malicious files. __________________ www.ytcracker.com \| www.digitalgangster.com i love you

01-28-2004, 02:28 PM	#2
ytcracker stc is the greatest Join Date: Dec 2002 Location: rip sean murray Posts: 12,403	side note: this is a phat way to get people to download your dialers 31337 they think this may also be unpatchable i guess http://www.techworld.com/news/index....ews&NewsID=824 related article __________________ www.ytcracker.com \| www.digitalgangster.com i love you

01-28-2004, 02:29 PM	#3
liquidmoe Confirmed User Join Date: Mar 2002 Location: NY Posts: 4,994	Time to stop using IE I guess. __________________ Take Luck!

01-28-2004, 02:31 PM	#4
BVF Black Vagina Finder Join Date: Jan 2002 Location: The Midwest Posts: 13,975	damn that will end it....I hope they made the patch already __________________ Black Pussy Click On Mr Cosby..CCbill, 60/40, 136 FHG's....The Cos Loves Black Ghetto Pussy!!

01-28-2004, 02:40 PM	#6
ytcracker stc is the greatest Join Date: Dec 2002 Location: rip sean murray Posts: 12,403	apparently according to this article they are saying it might not be crazy __________________ www.ytcracker.com \| www.digitalgangster.com i love you

01-28-2004, 02:43 PM	#7
Rick Latona The Best Ideas Start Here Join Date: Dec 2002 Location: Atlanta Posts: 6,037	Ah, the silent toolbar install uncovered. __________________ Regards, Rick Latona http://latonas.com Latona's - We Sell Money Making Web Properties Note to buyers of websites and traffic: please check our inventory at http://latonas.com/websites-for-sale. If you would like to make an offer on something, just let me know.

01-28-2004, 02:55 PM	#8
ytcracker stc is the greatest Join Date: Dec 2002 Location: rip sean murray Posts: 12,403	bump __________________ www.ytcracker.com \| www.digitalgangster.com i love you

01-28-2004, 02:56 PM	#9
Dirty F Too lazy to set a custom title Industry Role: Join Date: Jul 2001 Posts: 59,204	2 words Fucking install Opera

01-28-2004, 03:21 PM	#12
Part-timer Confirmed User Join Date: Jul 2003 Posts: 419	GFY opens much more faster with netscape anyways

01-28-2004, 03:22 PM	#13
Rich So Fucking Banned Join Date: Jan 2003 Posts: 11,486	apple.com/switch

01-28-2004, 03:24 PM	#14
ldinternet Confirmed User Join Date: Apr 2001 Posts: 8,245	microsoft.com/fuckthat

01-28-2004, 03:25 PM	#16
block Confirmed User Join Date: Jan 2004 Location: Winnipeg, Canada - cough check sig cough Posts: 1,258	Time to use opera/mozilla again :/ __________________ ICQ - 19961769

01-28-2004, 03:32 PM	#18
JSA Matt So Fucking Banned Join Date: Aug 2003 Location: San Diego, CA Posts: 5,464	I bet it was a spyware programmer that found this.

01-28-2004, 04:04 PM	#21
jact Confirmed User Join Date: Sep 2002 Location: Oakville, Canada Posts: 9,134	Shocking, a flaw in IE6. Who would have suspected. __________________ Free agent

01-28-2004, 04:38 PM	#22
ytcracker stc is the greatest Join Date: Dec 2002 Location: rip sean murray Posts: 12,403	so so so stupid __________________ www.ytcracker.com \| www.digitalgangster.com i love you

01-28-2004, 04:54 PM	#23
Smokey The Bear So Fucking Banned Join Date: Dec 2003 Location: South Of Heaven™ Posts: 3,880	Old news . Your welcome though.

01-28-2004, 04:59 PM	#24
Smokey The Bear So Fucking Banned Join Date: Dec 2003 Location: South Of Heaven™ Posts: 3,880	I think your giving the wrong impression of what it can do though. It cant autorun an executable and that is basically the worst of the worst. It can trick you into thinking something is safe , but it cant execute it for you.

01-28-2004, 05:03 PM	#25
s9ann0 Confirmed User Join Date: Sep 2001 Location: Boston Posts: 4,873	the person that cares a shit about security and uses M$ ware does not exist

01-28-2004, 05:06 PM	#27
skillfull Confirmed User Industry Role: Join Date: Apr 2003 Location: Quebec Calisse Posts: 4,716	haha use opera ;) and btw ive receive some cool 0day info a friends scanned a subnet for a new flaw he discovered 61/254 remote ownable you are all fucked __________________ mind at underdark dot cc SEO Analyst Thunder-Ball.net - Member

01-28-2004, 05:28 PM	#29
-=HOAX=- Confirmed User Join Date: Dec 2001 Location: CrackYaMental Posts: 4,365	I'm curious as to how many of you have run the M$ B.S.A. and think you're safe... __________________ Insert Value Here.

01-28-2004, 05:34 PM	#30
myneid Confirmed User Industry Role: Join Date: Jan 2003 Location: Los Angeles Posts: 736	ms has previously stated that they are no longer developong IE and have disbanded the department. so i'm sure that for them to get a fix anymore takes forever to pull those people off of their projects in their new departments. its all about mozilla firebird __________________ Tanguy 0x7a69 inc. Programmer/President/CEO http://www.0x7a69.com A Leader in Programming since 1996 PHP, Ruby on Rails, MySQL, PCI DSS, and any Technical Consulting

01-28-2004, 05:37 PM	#32
pornstar2pac Omaha Hi/Lo Join Date: Nov 2003 Posts: 17,380	webTV baby- FULL PROOF __________________ Trump haters gonna hate. that's all they can do