Zero-day IE exploit

Zero-day IE exploit
Peter Laborge, 2005-11-22

Expand all | Post comment

Zero-day IE exploit 2005-11-22
Don Parker (1 replies)

Re: Zero-day IE exploit 2005-11-23
Dbtech

Zero-day IE exploit 2005-11-23
auris

Zero-day IE exploit 2005-11-23
Jerry M. Gartner

Zero-day IE exploit 2005-11-23
Bob (1 replies)

Re: Zero-day IE exploit 2005-11-23
Jason (1 replies)

Re: Zero-day IE exploit 2005-11-23
Anonymous (1 replies)

Re: Re: Zero-day IE exploit 2005-12-02
Anonymous

Yet another reason to switch to FireFox 2005-11-23
Mike (1 replies)

Re: Yet another reason to switch to FireFox 2005-11-25
Anonymous

Zero-day IE exploit - it doesn't work for me 2005-11-25
Morc (1 replies)

Re: Zero-day IE exploit - it doesn't work for me 2005-12-14
Anonymous

This bug isn't always successfull because it relies on some things that you can't control. The memory in wich nops & shellcode are allocated trought prompt() calls isn't fixed but its always over 0x00600000. In order to exploit the bug you have to overwrite 0x006F005B with nops, but sometimes prompt() will write over that address crashing IE.. I dont understand how windows works with those allocations and (I think) that section of memory isn't a heap. If someone knows something about this it could help to make a more reliable exploit.. ;)

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/58/296#296

Not wanting to downplay the seriousness, but I wouldn't call it zero day 2005-11-29
Roger

Zero-day? 2005-11-29
Anonous (1 replies)

Re: Zero-day? 2005-12-02
Anonymous

Putting users at risk 2005-12-14
Anonymous