funsec mailing list archives
New IE 0-Day Exploit in Wild
From: "Fergie" <fergdawg () netzero net>
Date: Sat, 18 Mar 2006 00:21:06 GMT
Hmmm... [snip] There is a new and unpatched vulnerability with exploit code in the wild that affects the latest version of IE. The exploit works by including an abnormally large (a couple thousand) number of script actions inside a single HTML tag. This will cause a memory array to write out of bounds and cause an immediate or eventual browser crash. Both McAfee and Symantec have released signatures to detect this exploit. While this is only a DoS vulnerability at the moment, there is ongoing attempts to try to use this as a vector for remote code execution. More as it develops... [snip] http://isc.sans.org/diary.php?storyid=1198 - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- New IE 0-Day Exploit in Wild Fergie (Mar 17)
- Re: New IE 0-Day Exploit in Wild James Kehl (Mar 18)