Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution
From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Wed, 22 Mar 2006 21:03:46 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
I think you are wrong stelian, they are probably warning about this
high threat gave to the list :>

http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043922.html

Stelian Ene wrote:
Computer Terrorism (UK) :: Incident Response Centre wrote:
Pursuant to the publication of the aforementioned bug/vulnerability,
this document serves as a preliminary Security Advisory for users of
Microsoft Internet Explorer version 6 and 7 Beta 2.
Successful exploitation will allow a remote attacker to execute
arbitrary code against a fully patched Windows XP system, yielding
system access with privileges of the underlying user.

So this is indeed a n-day vulnerability, with n a small positive integer.
I must stress that I'm not the original author, and that I've seen this bug
discussed in public forums as early as 19.03.2006. If exploitation is
as easy as
you claim, then probably the bad guys are already actively using this,
just like
they did with WMF.

Oldest POC I've found, by 'shog9' (Joshua Heyer):
http://www.shog9.com/crashIE.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



__________ NOD32 1.1455 (20060322) Information __________

This message was checked by NOD32 antivirus system.
http://www.eset.com




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (MingW32)
 
iD8DBQFEIa2iFJS99fNfR+YRArG9AKCFlHx95odsV8i8a8JCWfVDLJNlogCgvkzw
5mzCUFH6RaOtjL6TX17d808=
=8i3n
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]