1995-09-23 - Re: Another Netscape Bug (and possible security hole)

Header Data

From: Ray Cromwell <rjc@clark.net>
To: aleph1@dfw.net (Aleph One)
Message Hash: 8ffbd50663b6afae4498da3f9db4b246c324083400d389668208d9fee43e77d9
Message ID: <199509230513.BAA23938@clark.net>
Reply To: <Pine.SUN.3.90.950922194817.11370A-100000@dfw.net>
UTC Datetime: 1995-09-23 05:16:31 UTC
Raw Date: Fri, 22 Sep 95 22:16:31 PDT

Raw message

From: Ray Cromwell <rjc@clark.net>
Date: Fri, 22 Sep 95 22:16:31 PDT
To: aleph1@dfw.net (Aleph One)
Subject: Re: Another Netscape Bug (and possible security hole)
In-Reply-To: <Pine.SUN.3.90.950922194817.11370A-100000@dfw.net>
Message-ID: <199509230513.BAA23938@clark.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Actually it allows you to imbed data and commands to run. What the latest
> MSWord virus did is imbed a virus dropper encoded in the word document
> and then run it trough the dos debug command to make it a binary file
> (if you ever read the 40HEX virus magazine you should know how this works).
> From there it just run the dropper.

  You could make a worm out of this Netscape bug by having it look
for a user's homepage when it infects, and then inserting the
URL into that page.

Thread

• Return to September 1995

• Return to “Adam Shostack <adam@homeport.org>”
• Return to “Aleph One <aleph1@dfw.net>”
• Return to “dmandl@panix.com”
• Return to “frenchie@magus.dgsys.com (SysAdmin)”
• Return to “futplex@pseudonym.com (Futplex)”
• Return to “goedel@tezcat.com (Dietrich J. Kappe)”
• Return to “Jon Lasser <jlasser@rwd.goucher.edu>”
• Return to “jsw@neon.netscape.com (Jeff Weinstein)”
• Return to ““Perry E. Metzger” <perry@piermont.com>”
• Return to “Ray Cromwell <rjc@clark.net>”
• Return to “sameer <sameer@c2.org>”
• Return to “Scott M Fabbri <m1smf99@FRB.GOV>”
• Return to “Thomas Grant Edwards <tedwards@Glue.umd.edu>”

• Return to “Yih-Chun Hu <yihchun@u.washington.edu>”

• 1995-09-22 (Fri, 22 Sep 95 00:24:28 PDT) - Re: Another Netscape Bug (and possible security hole) - goedel@tezcat.com (Dietrich J. Kappe)
  • 1995-09-22 (Fri, 22 Sep 95 00:53:01 PDT) - Re: Another Netscape Bug (and possible security hole) - jsw@neon.netscape.com (Jeff Weinstein)
    • 1995-09-22 (Fri, 22 Sep 95 01:01:26 PDT) - Mosaic Bug (same as Netscape bug) (was Re: Another Netscape Bug) - futplex@pseudonym.com (Futplex)
    • 1995-09-22 (Fri, 22 Sep 95 02:22:41 PDT) - Re: Mosaic Bug (same as Netscape bug) (was Re: Another Netscape Bug) - jsw@neon.netscape.com (Jeff Weinstein)
    • 1995-09-22 (Fri, 22 Sep 95 05:43:45 PDT) - Re: Another Netscape Bug (and possible security hole) - “Perry E. Metzger” <perry@piermont.com>
      • 1995-09-22 (Fri, 22 Sep 95 07:13:45 PDT) - Re: Another Netscape Bug (and possible security hole) - Scott M Fabbri <m1smf99@FRB.GOV>
      • 1995-09-22 (Fri, 22 Sep 95 12:27:31 PDT) - Re: Another Netscape Bug (and possible security hole) - Adam Shostack <adam@homeport.org>
        • 1995-09-22 (Fri, 22 Sep 95 12:47:17 PDT) - Re: Another Netscape Bug (and possible security hole) - dmandl@panix.com
          • 1995-09-22 (Fri, 22 Sep 95 13:19:43 PDT) - Re: Another Netscape Bug (and possible security hole) - Adam Shostack <adam@homeport.org>
          • 1995-09-23 (Fri, 22 Sep 95 17:53:21 PDT) - Re: Another Netscape Bug (and possible security hole) - Aleph One <aleph1@dfw.net>
            • 1995-09-23 (Fri, 22 Sep 95 22:16:31 PDT) - Re: Another Netscape Bug (and possible security hole) - Ray Cromwell <rjc@clark.net>
          • 1995-09-25 (Mon, 25 Sep 95 12:02:32 PDT) - Re: Another Netscape Bug (and possible security hole) - Jon Lasser <jlasser@rwd.goucher.edu>
    • 1995-09-22 (Fri, 22 Sep 95 13:04:54 PDT) - Re: Another Netscape Bug (and possible security hole) - frenchie@magus.dgsys.com (SysAdmin)
      • 1995-09-22 (Fri, 22 Sep 95 14:08:40 PDT) - Re: Another Netscape Bug (and possible security hole) - sameer <sameer@c2.org>
  • 1995-09-22 (Fri, 22 Sep 95 10:04:56 PDT) - Re: Another Netscape Bug (and possible security hole) - Yih-Chun Hu <yihchun@u.washington.edu>
  • 1995-09-22 (Fri, 22 Sep 95 10:18:08 PDT) - Re: Another Netscape Bug (and possible security hole) - Thomas Grant Edwards <tedwards@Glue.umd.edu>