Is IE 5.5 SP2 vulnerable to Nimda?
- Thread starter Amused
- Start date
[AmusedOne - I posted this in the other thread also]
From Incidents.org
[Re: email attachments]: Any x86 email software that uses IE 5.5 SP1 or earlier to display HTML messages will automatically execute the malicious attachment if the message is merely opened or previewed. This happens because the worm MIME encodes the attachment to take advantage of a known vulnerability called "Automatic Execution of Embedded MIME Types".
[Re: surfing]: If the worm successfully infects a web server, it uses the HTTP service to propagate itself to clients who browse the web server's pages. Upon infecting a victim server, the worm creates a copy of itself named "readme.eml" and traverses the directory tree (including network shares) searching for web-related files such as those with .html, .htm, or .asp extensions. Each time the worm finds a web content file, it appends a piece of JavaScript to the file. The JavaScript forces a download of readme.eml to any client that views the file via a browser. Some versions of Internet Explorer will automatically execute the readme.eml file and allow the worm to infect the client. The IE vulnerability issue here is the same as in the email propagation mechanism; that is, IE 5.5 SP1 or earlier is vulnerable to the "Automatic
Execution of Embedded MIME Types" problem.Allowing JavaScript in the browser enables the attack to take advantage of the vulnerability.
Internet Explorer users should be careful to use a version of the browser that is secured against the "Automatic Execution of Embedded MIME Types" vulnerability. Microsoft recommends upgrading to IE 5.5 SP2 or IE 6.0 to avoid problems.
From Incidents.org
[Re: email attachments]: Any x86 email software that uses IE 5.5 SP1 or earlier to display HTML messages will automatically execute the malicious attachment if the message is merely opened or previewed. This happens because the worm MIME encodes the attachment to take advantage of a known vulnerability called "Automatic Execution of Embedded MIME Types".
[Re: surfing]: If the worm successfully infects a web server, it uses the HTTP service to propagate itself to clients who browse the web server's pages. Upon infecting a victim server, the worm creates a copy of itself named "readme.eml" and traverses the directory tree (including network shares) searching for web-related files such as those with .html, .htm, or .asp extensions. Each time the worm finds a web content file, it appends a piece of JavaScript to the file. The JavaScript forces a download of readme.eml to any client that views the file via a browser. Some versions of Internet Explorer will automatically execute the readme.eml file and allow the worm to infect the client. The IE vulnerability issue here is the same as in the email propagation mechanism; that is, IE 5.5 SP1 or earlier is vulnerable to the "Automatic
Execution of Embedded MIME Types" problem.Allowing JavaScript in the browser enables the attack to take advantage of the vulnerability.
Internet Explorer users should be careful to use a version of the browser that is secured against the "Automatic Execution of Embedded MIME Types" vulnerability. Microsoft recommends upgrading to IE 5.5 SP2 or IE 6.0 to avoid problems.
End Users
1. Prevent infection from email or infected Web sites by updating Internet Explorer as detailed below in the section titled "Email".
2. Prevent infection via file shares by ensuring that you have no unprotected file shares, as discussed below in the section titled "File Shares".
Email:
Customers who have installed any of the following updates would be at no risk of infection by email:
The patch provided in Microsoft Security Bulletin MS01-020.
The patch provided in Microsoft Security Bulletin MS01-027.
Internet Explorer 5.01 Service Pack 2.
Internet Explorer 5.5 Service Pack 2.
Internet Explorer 6.
That should cover you. For more information, look here.
1. Prevent infection from email or infected Web sites by updating Internet Explorer as detailed below in the section titled "Email".
2. Prevent infection via file shares by ensuring that you have no unprotected file shares, as discussed below in the section titled "File Shares".
Email:
Customers who have installed any of the following updates would be at no risk of infection by email:
The patch provided in Microsoft Security Bulletin MS01-020.
The patch provided in Microsoft Security Bulletin MS01-027.
Internet Explorer 5.01 Service Pack 2.
Internet Explorer 5.5 Service Pack 2.
Internet Explorer 6.
That should cover you. For more information, look here.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 24K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter