mailing list archives
MSIE Nested Object Vulnerability Is Exploitable
From: Secunia Research <vuln-remove () secunia com>
Date: Fri, 28 Apr 2006 09:33:01 +0200
There has recently been some discussion regarding whether or not the
MSIE Nested Object Vulnerability reported by Michal Zalewski is
exploitable or not.
Link to Michal Zalewski Full-Disclosure Posting:
Because of this, Secunia has received several enquiries and comments
about the "Highly critical" rating of this advisory (SA19762) as no
proof of exploitation has been publicly disclosed.
In response to this, we would like to stress that Secunia has developed
a working exploit for this vulnerability. This exploit will not be
disclosed publicly, but was sent to Microsoft on Wednesday 2006-04-26.
The advisory rating of "Highly critical" and "System access" impact is
therefore fully justified.
Hammerensgade 4, 2. floor
DK-1267 Copenhagen K
Tlf.: +45 7020 5144
Fax: +45 7020 5145
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: MSIE Nested Object Vulnerability Is Exploitable n3td3v (Apr 30)
- MSIE Nested Object Vulnerability Is Exploitable Secunia Research (Apr 28)