Home page logo

educause logo Educause Security Discussion mailing list archives

Re: 0-day exploit for Internet Explorer in the wild
From: Chuck Braden <JCBraden () AG TAMU EDU>
Date: Wed, 10 Dec 2008 16:12:02 -0600

These guys say Vista SP1 is also vulnerable. 
We have confirmed this vulnerability to be affecting, at least, a fully patched Windows XP SP3 and a Vista SP1 system. 
The exploit uses publicly known heap-spray techniques that enable control over a vtable pointer, allowing arbitrary 
code execution.

Jimmy C Braden
Information Security Officer
Extension Information Technology
Texas AgriLife Extension Service
j-braden () tamu edu

Ken Connelly <Ken.Connelly () UNI EDU> 12/10/2008 3:50 PM >>>
Curt Wilson wrote:
I am assuming that Vista is not specifically at risk, but I don't know
for a fact. Anyone else know?



XP and Windows 2003 are vulnerable from what I've heard.  I believe the 
XP reference implied fully-patched SP3.  I've not seen anything stating 
that Vista is immune, but I've also not seen it implicated as vulnerable.

- Ken
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]