× Few antiviral products inadequately detect 3proxy as Trojan.Daemonize, Backdoor.Daemonize, etc and many detect 3proxy as a PUA (potentially unwanted program). It may cause browser warning on download page. 3proxy is not trojan or backdoor and contains no functionality except described in documentation. Clear explanation of this fact is given, for example, in Microsoft's article.

Topic:                    buffer overflow in mshtml.dll
Authors:                  ERRor and DarkZorro of domain Hell
                          3APA3A of SECURITY.NNOV
Date:                     February, 13 2002
Vendor Informed:          December, 20 2001
Software affected:        Microsoft Internet Explorer 6.0 and prior
                          Microsoft Outlook Express 6.0 and prior*
                          Microsoft Outlook 2000 and prior*
Remote:                   Yes
Exploitable:              Yes
Risk:                     High
SECURITY.NNOV advisories: http://www.security.nnov.ru/advisories
Thanks to:                Microsoft Security Response Center
                          and CERT for working with us
                          Andrey  Kolishak  for  helpful additional
                          information on this issue


mshtml.dll  contains  buffer  overflow  while parsing HTML with embedded
ActiveX  components.  Stack  overrun  occurs during concatenation of two
Unicode  strings. It's possible to exploit this vulnerability to execute
any code of attacker's choice (we do have proof-of-concept code, it will
be  published  later  with  details of vulnerability). This overflow can
only  be exploited if "Run ActiveX Controls and Plugins" security option
is  enabled.  *This  option  is disabled by default for Restricted Sites
Zone  Outlook  2000,  Outlook Express 6.0 and prior with security update
installed  open all mail, but enabled by default in all different cases.
This bug doesn't depend on Windows version.


Make  sue  "Run  ActiveX  Controls  and  Plugins" option is disabled for
Internet  and  Restricted  Sites  zones  in security options of Internet
Explorer.  Check  security zone for Outlook Express is set to Restricted

Vendor and Solution:

Microsoft  was  notified  on  December,  20  2001.  On February, 11 2002
Microsoft  released  advisory  MS02-005 and cumulative patch q316059 for
Microsoft Internet Explorer

More Information