Educause Security Discussion
mailing list archives
Re: 0-day exploit for Internet Explorer in the wild
From: Chuck Braden <JCBraden () AG TAMU EDU>
Date: Wed, 10 Dec 2008 16:12:02 -0600
These guys say Vista SP1 is also vulnerable.
We have confirmed this vulnerability to be affecting, at least, a fully patched Windows XP SP3 and a Vista SP1 system.
The exploit uses publicly known heap-spray techniques that enable control over a vtable pointer, allowing arbitrary
Jimmy C Braden
Information Security Officer
Extension Information Technology
Texas AgriLife Extension Service
j-braden () tamu edu
Ken Connelly <Ken.Connelly () UNI EDU> 12/10/2008 3:50 PM >>>
Curt Wilson wrote:
I am assuming that Vista is not specifically at risk, but I don't know
for a fact. Anyone else know?
XP and Windows 2003 are vulnerable from what I've heard. I believe the
XP reference implied fully-patched SP3. I've not seen anything stating
that Vista is immune, but I've also not seen it implicated as vulnerable.
Ken Connelly Associate Director, Security and Systems
ITS Network Services University of Northern Iowa
email: Ken.Connelly () uni edu p: (319) 273-5850 f: (319) 273-7373