Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Internet Security | DShield SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Secunia Advisory for IE; meeneemee.exe
Secunia Advisory for IE

Thanks to John Germain for bringing this update to our attention. Secunia has upgraded the advisory for SA12889 to "Extremely Critical" as of January 7th. They also have add a nice link to test your browser. The orginal advisory was posted at

The vulnerability is yet another cross-site scripting vulnerability. It will allow remote code execution on a victim's system just by visiting the website. The Storm Center has received one email of such a site and confirmed that it was actively using the exploit to attempt to download XP.exe from several locations. Currently vulnerable is IE6 on a fully patched WindowsXP system. As of now, there is no patch available. I know Symantec is detecting this as bloodhound.exploit.21 from what I have observed, but I'm not sure what other antivirus software is doing. It is advisable to keep your antivirus software updated and move to another web browser if possible. For more information, please see

For those who would like to check out the source code themselves before visiting an untrusted website and don't/can't use wget, there is a good online tool found at the following URL which will retrieve the source code of the web page for you.

Fellow handler Toby Kohlenberg orginally posted very limited information we had about what this maybe (see ) We still are looking for more information. If you have any information about what this might be, please let us know.
Since its my first shift for the 2005, I would like to say thanks to everyone for all the submissions and support you have given to all of us here at the ISC. To my fellow handlers, you are all simply awesome and a great group of friends!! Here's to another great year for everyone!
Lorna Hutcheson

Handler on Duty


165 Posts
ISC Handler
Jan 9th 2005

Sign Up for Free or Log In to start participating in the conversation!