Exploit In Internet Explorer Jul 29 2007 08:58AM
RaeD BsdMail Com (3 replies)
Re: Exploit In Internet Explorer Jul 30 2007 10:35PM
Nick FitzGerald (nick virus-l demon co uk) (1 replies)
Re: Exploit In Internet Explorer Jul 31 2007 05:01AM
Gadi Evron (ge linuxbox org)
On Tue, 31 Jul 2007, Nick FitzGerald wrote:
> RaeD (at) BsdMail (dot) Com [email concealed] wrote:
>
>> Discovred By : Hasadya Raed
>
> "Discovred" as in "found in a web page with some dodgy script in it"?
> This exploit (though not in this precise form) is common as muck in
> them thar int-duh-net tubes at the moment...
>
> You can't mean "discovered" as in "first found through unique personal
> research/investigation/etc" as this exploit has been publicly disclosed
> since April 2006, I think (and privately used previously?):

I believe RaeD meant no offense and did was in fact not aware of the
previous findings. In the past SecuriTeam helped him out with
disclosure and his findings were on the moeny.

I think:
1. This is either yet another exploit.
2. An honest mistake.

But I am not RaeD not affiliated with him. Give people the benefit of the
doubt. Who would steal thi sbluntly only to be found out?

Thanks.

>
> http://www.milw0rm.com/exploits/2052
>
> and again, in a more elaborate "multiple dodgy ActiveX control target"
> version shortly thereafter:
>
> http://www.milw0rm.com/exploits/2164
>
>> Now You Can To Download Exe Files And To Run Without Msgs :
>
> Oh, and did I mention patched since 11 April 2006:
>
> http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx
>
> So probably not that effective if what you want is an assured "fire an
> forget" remote IE exploit...
>
>
> Regards,
>
> Nick FitzGerald
>

[ reply ]
RE: Exploit In Internet Explorer Jul 30 2007 09:55PM
Larry Seltzer (Larry larryseltzer com)
Re: Exploit In Internet Explorer Jul 30 2007 09:11PM
paraw (paraw yahoo it)


 

Privacy Statement
Copyright 2010, SecurityFocus