Page 1 of 1
Exploit:HTML/IframeRef.gen
Posted: Fri Jun 04, 2010 8:13 pm
by Scott(0)
Hello All,
MS Security Essentials recently flagged this twice on my laptop. Curious if this exploit falls soley under the realm of AV software or is something NoScript could eventually stop?
Thanks
Win 7 Home Premium, FFox 3.6.3, NoScript 1.9.9.81, plus additional stuff
Re: Exploit:HTML/IframeRef.gen
Posted: Fri Jun 04, 2010 8:29 pm
by Giorgio Maone
From
http://www.microsoft.com/security/porta ... ameRef.gen :
Microsoft wrote:
Exploit:HTML/IframeRef.gen is generic detection for specially formed IFrame tags that point to remote Web sites containing malicious content, for example malicious Javascript containing an exploit for a specific vulnerability.
This means that this is a generic signature for IFrames whose src attribute matches a blacklist of
known malicious web sites serving payloads which exploit browser or plugin vulnerabilities.
Since exploitation in 99.9% of the cases involves running JavaScript or active plugin content, NoScript will block this class of attacks even if the antivirus fails at blocking it at the proxy level because the serving site is too "new" to be listed in the blacklist.
Re: Exploit:HTML/IframeRef.gen
Posted: Sat Jun 05, 2010 10:34 am
by eradic8
Should forbid IFRAME option be enabled in Noscript to prevent this Exploit, or will it be prevented by default?
Re: Exploit:HTML/IframeRef.gen
Posted: Sat Jun 05, 2010 1:55 pm
by Alan Baxter
eradic8 wrote:Should forbid IFRAME option be enabled in Noscript to prevent this Exploit, or will it be prevented by default?
Not necessary. JavaScript and active plugin content are blocked by default.
Giorgio Maone wrote:Since exploitation in 99.9% of the cases involves running JavaScript or active plugin content, NoScript will block this class of attacks...