Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Exploit In Internet Explorer

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 31 Jul 2007 10:35:21 +1200
RaeD () BsdMail Com wrote:


Discovred By : Hasadya Raed


"Discovred" as in "found in a web page with some dodgy script in it"?  
This exploit (though not in this precise form) is common as muck in 
them thar int-duh-net tubes at the moment... 

You can't mean "discovered" as in "first found through unique personal 
research/investigation/etc" as this exploit has been publicly disclosed 
since April 2006, I think (and privately used previously?):

   http://www.milw0rm.com/exploits/2052

and again, in a more elaborate "multiple dodgy ActiveX control target" 
version shortly thereafter:

   http://www.milw0rm.com/exploits/2164


Now You Can To Download Exe Files And To Run Without Msgs :


Oh, and did I mention patched since 11 April 2006:

   http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx

So probably not that effective if what you want is an assured "fire an 
forget" remote IE exploit...


Regards,

Nick FitzGerald
Previous By Date Next
Previous By Thread Next

Current thread: