|
Summary of JS/DDay.Exploit |
| Discovered: |
26 Sep 2002 |
| Definition files: |
23 Oct 2002 |
| Risk Level: |
Low |
| Distribution: | Low |
| Infection Method: | This vulnerability is exploited through a JavaScript. |
| Payload: |
cookie stealing, website content forging, local file reading and possibly malicious program execution on user computer. |
|
|
|
| Technical Description |
This vulnerability affects Internet Explorer 5.5 and 6.0 (this vulnurebility isn't present after IE 6.0 service pack 1 has been applied). Prior versions are not affected. Other programs based on the WebBrowser control are affected, such as Microsoft Outlook and MSN Explorer.
Following actions can be exploited through this vulnerability: cookie stealing, content forging, reading of local files and execution of possibly malicious programs on user computer.
This issue was first addressed by GreyMagic Software company. Their advisory is available here. |
| Removal Instructions |
Disable active-scripting for Internet Explorer. Apply service pack 1 for Internet Explorer 6.0. |
Sindri Bjarnason - virus analyst, FRISK Software Int. |
|
