Drew Copley already mentioned how this is the CHM exploit that the Ibiza exploit relied on. K-OTiK posted about this in http://www.securityfocus.com/archive/1/354447 and we posted details of the Ibiza CHM exploit a few weeks before then on the Unpatched mailing list ( http://unpatched.pivxlabs.com ). The Bizex worm also used Unpatched IE vulnerabilities as was detailed in http://www.securityfocus.com/archive/1/355149/2004-02-24/2004-03-01/0 Implementing proactive security measures such as locking down the My Computer zone prevents this from having an effect. Both of these issues were mitigated against months in advance with Qwik-Fix, which has just been released as Qwik-Fix Pro at the Gartner Symposium/Itxpo 2004 . http://www.pivx.com/press_releases/qwikfixpro_gartner.html Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor@pivx.com Phone: +1 (949) 231-8496 PGP: 0x5A276569 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net> -----Original Message----- From: Void [mailto:void@sect.net] Sent: Monday, March 29, 2004 11:15 AM To: Jelmer; full-disclosure@lists.netsys.com; bugtraq@securityfocus.com Subject: Re: new internet explorer exploit (was new worm) Just wanted to add that Norton Anti-Virus 2004 will detect this exploit and pop up a warning, but also fails to halt its execution or protect the user in any way. Here is what it thinks it is: http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.explo it.6.html So there is some measure of warning, but no real protection.