Dailydave mailing list archives
GIFs of Cats
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 12 Sep 2013 15:06:24 -0400
GIFs. We love them. And we love them giving us remote code execution <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3174>even more than we love them showing us how to escape from jail <http://imgur.com/gallery/40Nd2>. The last CANVAS release (the base release, since I also consider the VulnDisco, D2, SCADA+, etc. exploit packs as releases!) has a working exploit for the July Microsoft Patch Tuesday DirectShow GIF bug. (I hate it when people refer to things as the CVE - like you have those all memorized.) The current exploit supports IE8 only, but on Windows 7 and XP (known in the exploit community as the "Microsoft OS's with market share" :>). We started this exploit thinking it would be a nice easy exercise, and then it turned into the exploit from hell. But it is finally done! Well. An exploit is never truly done. For example "with minor amounts of work" this exploit can be ported over to IE9 and 10 from IE8. And then you ask "Can it work within Silverlight? and get back "Maybe..." So you can spend years on a simple client-side if it's worth it to you, or simply as performance art. In this particular case, it takes a while to figure out how to even reach the vulnerability from IE, as opposed to from "Media Player Classic", which is what the POC runs inside. In any case, we hope those of you with CANVAS (which is all of you, right?) test it out and let us know how well it works for you in your environment. Always curious to see where this kind of work gets you in the "reach out and touch someone" sense! -dave
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- GIFs of Cats Dave Aitel (Sep 12)