mailing list archives
GIFs of Cats
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 12 Sep 2013 15:06:24 -0400
GIFs. We love them. And we love them giving us remote code execution
than we love them showing us how to escape from jail
The last CANVAS release (the base release, since I also consider the
VulnDisco, D2, SCADA+, etc. exploit packs as releases!) has a working
exploit for the July Microsoft Patch Tuesday DirectShow GIF bug. (I hate
it when people refer to things as the CVE - like you have those all
The current exploit supports IE8 only, but on Windows 7 and XP (known in
the exploit community as the "Microsoft OS's with market share" :>). We
started this exploit thinking it would be a nice easy exercise, and then
it turned into the exploit from hell. But it is finally done! Well. An
exploit is never truly done. For example "with minor amounts of work"
this exploit can be ported over to IE9 and 10 from IE8. And then you ask
"Can it work within Silverlight? and get back "Maybe..."
So you can spend years on a simple client-side if it's worth it to you,
or simply as performance art. In this particular case, it takes a while
to figure out how to even reach the vulnerability from IE, as opposed to
from "Media Player Classic", which is what the POC runs inside.
In any case, we hope those of you with CANVAS (which is all of you,
right?) test it out and let us know how well it works for you in your
environment. Always curious to see where this kind of work gets you in
the "reach out and touch someone" sense!
Description: OpenPGP digital signature
Dailydave mailing list
Dailydave () lists immunityinc com
- GIFs of Cats Dave Aitel (Sep 12)