Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Exploit In Internet Explorer

from [Nick FitzGerald] Network Security [Permanent Link]
Subject: Re: Exploit In Internet Explorer
Date: Tue, 31 Jul 2007 10:35:21 +1200 
RaeD@BsdMail.Com wrote:


Discovred By : Hasadya Raed


"Discovred" as in "found in a web page with some dodgy script in it"?  
This exploit (though not in this precise form) is common as muck in 
them thar int-duh-net tubes at the moment... 

You can't mean "discovered" as in "first found through unique personal 
research/investigation/etc" as this exploit has been publicly disclosed 
since April 2006, I think (and privately used previously?):

   http://www.milw0rm.com/exploits/2052

and again, in a more elaborate "multiple dodgy ActiveX control target" 
version shortly thereafter:

   http://www.milw0rm.com/exploits/2164


Now You Can To Download Exe Files And To Run Without Msgs :


Oh, and did I mention patched since 11 April 2006:

   http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx

So probably not that effective if what you want is an assured "fire an 
forget" remote IE exploit...


Regards,

Nick FitzGerald
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Exploit In Internet Explorer, Larry Seltzer
Next by Date:  [Full-disclosure] CAL-20070730-1 BlueSkyCat ActiveX Remote Heap Overflow vulnerability, Code Audit Labs
Previous by Thread:  RE: Exploit In Internet Explorer, Larry Seltzer
Next by Thread:  RFI ====> vBulletin v3.6.5, RaeD
Indexes:  [Date] [Thread] [Top] [All Lists]