  #2  
Old March 4th 10, 06:13 AM posted to microsoft.public.win98.gen_discussion,microsoft.public.windowsme.general,microsoft.public.windows.inetexplorer.ie6.browser
MEB[_17_]
External Usenet User
 
Posts: 1,830
On-line Browser vulnerability-test website: Windows 98 / IE6/ FF2.20 / Netscape 9 (pass 100%)

On 03/04/2010 12:22 AM, 98 Guy wrote:
This website:

Browser Security Test
http://bcheck.scanit.be/bcheck/

Allows users to subject their computer/browser to a selection of
synthetic exploits as follows:

- user selectable tests / exploits
- test only exploits known to affect the user's particular browser
- all tests for all known exploits

There are 19 tests in total. See below for a summary of them.

I ran these tests 3 times - once against each of the installed browsers
on my win-98se system.

I did not have any AV program or any form of browser-protection program
running on my test system.

-------------
Test results
-------------

Browser name: Firefox/2.0.0.12 Navigator
Version: 9.0.0.6
Platform: Windows 98
Congratulations! The test has found no vulnerabilities in your browser!

Browser name: Firefox
Version: 2.0.0.20
Platform: Windows 98
Congratulations! The test has found no vulnerabilities in your browser!

Browser name: MSIE
Version: 6.0
Platform: Windows 98
Congratulations! The test has found no vulnerabilities in your browser!

During the IE6 test, I was asked to download / run these two files:

crashy2.xul (a small script file)
path-neg.svg (another small script file)

The second file seems to be a very old IE5/IE6 exploit, as described
here:

http://www.greymagic.com/security/advisories/gm012-ie/

Neither of the above 2 files, when submitted to VirusTotal, is detected
as a threat by any of the 42 AV apps hosted on that site.

Note the stats (% vulnerable browsers):

http://bcheck.scanit.be/bcheck/stats.php

------------------
Summary of tests
------------------

Windows animated cursor overflow (CVE-2007-0038) (This test may trigger
anti-virus warnings)
Mozilla crashes with evidence of memory corruption (CVE-2007-0777)
Internet Explorer bait & switch race condition (CVE-2007-3091)
Mozilla crashes with evidence of memory corruption (CVE-2007-2867)
Internet Explorer createTextRange arbitrary code execution
(CVE-2006-1359)
Windows MDAC ADODB ActiveX control invalid length (CVE-2006-5559)
Adobe Flash Player video file parsing integer overflow (CVE-2007-3456)
XMLDOM substringData() heap overflow (CVE-2007-2223)
Mozilla crashes with evidence of memory corruption (rv:1.8.1.5)
(CVE-2007-3734)
Opera JavaScript invalid pointer arbitrary code execution (CVE-2007-436)
Apple QuickTime MOV file JVTCompEncodeFrame heap overflow
(CVE-2007-2295)
Mozilla code execution via QuickTime Media-link files (CVE-2006-4965)
Mozilla crashes with evidence of memory corruption (rv:1.8.1.8) (
CVE-2007-533)
Mozilla memory corruption vulnerabilities (rv:1.8.1.10) (CVE-2007-5959)
Mozilla crashes with evidence of memory corruption (rv:1.8.1.12)
(CVE-2008-0412)
Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflows
()
Window location property cross-domain scripting (CVE-2008-2947)
Mozilla Firefox MathML integer overflow (CVE-2008-4061)
Internet Explorer XML nested SPAN elements memory corruption
(CVE-2008-4844)

Meb will no doubt respond to this post by frothing and spewing one
excuse after another why these tests should not be believed or taken as
evidence that Win-98 combined with old/legacy browsers are not
vulnerable to common exploitation.


Hey dimwit, the files aren't classed as nor found as malware, what
might that mean.... and of course you PERSONALLY CHECKED THOSE FILES
codings to see if they actually CHECKED anything didn't ya AND WERE NOT
malware injection stubs... okay we know you didn't, you're not intelligent
enough to do so.

Were these supposedly Win9X classed, or were these... nothing... or
maybe NT only or,,, yeah let's all believe this dimwit.... smart enough
to download AND RUN some unknown files from a supposed testing site of
unknown character and unknown reliability, using just two files to test
all of the thousands of exploits and their variants.... using, gee,
maybe "proof of concept" code distributed for NT SYSTEMS.

Oh, and what happened to the KNOWN malware exploits that exist in Win9X
with IE6 [in the wild], where did they show, must have missed that group
of tests. And how about that XSS KNOWN vulnerability test for FireFox
2.0.0.20 [in the wild], and the specific tests for the vulnerabilities
in 9.0.0.6 [in the wild], did I miss those.

You are a moron.... and you did this with NO anti-malware protection,
yep yuz a brite bulb... make sure yuz tak dat computer ta work wit ya in
hook it to da buznis network....

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government