Author Topic: Cross Site Scripting vulnerability  (Read 4763 times)

0 Members and 1 Guest are viewing this topic.

ebel

  • Guest
Cross Site Scripting vulnerability
« on: October 31, 2003, 07:43:11 AM »
A Cross Site Scripting vulnerability has been infecting my PC, and the Avast! Anti -virus SW does not stop it from running. When I start IE, the script forces a new startpage by using the %20 parameter in the about:blank

Even after resetting the home page setting in IE, the scipt is back running when the PC has been re started. Registry?

Do we ou know anything more how to tackle these attacs, except from re installing/uptdating IE? (my version 6.0.2600.nnnn, w2k SP3)


http://lists.netsys.com/pipermail/full-disclosure/2003-August/007844.html

 //ebel

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Cross Site Scripting vulnerability
« Reply #1 on: October 31, 2003, 12:16:57 PM »
You should try spybotSD or adaware .

You may also post a Hijackthislog here or at the Spybot Forum and of course install all avaible updates offered by www.windowsupdate.com
MfG Ralf

ebel

  • Guest
Re:Cross Site Scripting vulnerability
« Reply #2 on: October 31, 2003, 03:57:26 PM »
 thx, I'll follow the advices:D

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:Cross Site Scripting vulnerability
« Reply #3 on: November 02, 2003, 01:10:41 PM »
A Cross Site Scripting vulnerability has been infecting my PC, and the Avast! Anti -virus SW does not stop it from running. When I start IE, the script forces a new startpage by using the %20 parameter in the about:blank

Even after resetting the home page setting in IE, the scipt is back running when the PC has been re started. Registry?

Do we ou know anything more how to tackle these attacs, except from re installing/uptdating IE? (my version 6.0.2600.nnnn, w2k SP3)


http://lists.netsys.com/pipermail/full-disclosure/2003-August/007844.html

 //ebel


There are lots of security links to follow here.
See, specially, the section Ad-aware and Trojans Tools and System Security.
Good luck  ;)
The best things in life are free.