BugTraq
RE: Six Step IE Remote Compromise Cache Attack Nov 05 2003 10:23PM
Thor Larholm (thor pivx com) (6 replies)
Re: Six Step IE Remote Compromise Cache Attack Nov 06 2003 12:19AM
Jelmer (jkuperus planet nl)
Re: Six Step IE Remote Compromise Cache Attack Nov 05 2003 11:25PM
Seth Arnold (sarnold wirex com)
Re: Six Step IE Remote Compromise Cache Attack Nov 05 2003 11:25PM
Florian Weimer (fw deneb enyo de)
RE: Six Step IE Remote Compromise Cache Attack Nov 05 2003 10:49PM
Benjamin Franz (snowhare nihongo org)
RE: Six Step IE Remote Compromise Cache Attack Nov 05 2003 10:43PM
white colin john (cjwhite1 ehlnx13 ews uiuc edu) (1 replies)
RE: Six Step IE Remote Compromise Cache Attack Nov 06 2003 05:55PM
Tyler Larson (noreply tlarson com) (1 replies)
Re: Six Step IE Remote Compromise Cache Attack Nov 06 2003 10:18PM
Florian Weimer (fw deneb enyo de)
RE: Six Step IE Remote Compromise Cache Attack Nov 05 2003 10:39PM
Steve Hillier (steve mastermindtoys com)
I see this more as a method to bring attention to the fact that even
though the individual flaws seem trivial, they can be combined to
perform a malicious act.

Vendors often do not act on an individual flaw as quickly if they feel
the exploit is trivial. This however shows that the individual flaws
pose a greater risk when combined, and that a 'trivial' flaw shouldn't
be ignored simply because it seems 'harmless'.

Why have these flaws not been patched even after almost two years of
knowing that they exist?

Steve Hillier, B.Sc.
Manager of Information Services
Mastermind Educational
www.mastermindtoys.com

> -----Original Message-----
> From: Thor Larholm [mailto:thor (at) pivx (dot) com [email concealed]]
> Sent: Wednesday, November 05, 2003 5:23 p
> To: Liu Die Yu; bugtraq (at) securityfocus (dot) com [email concealed]
> Subject: RE: Six Step IE Remote Compromise Cache Attack
>
>
> This post raises an interesting question. Is our goal to find
> new vulnerabilities and attack vectors to help secure users
> and critical infrastructures, or is our goal to ease
> exploitation of existing vulnerabilities?
>
> There are no new vulnerabilities or techniques highlighted in
> this attack (which is what it is), just a combination of
> several already known vulnerabilities. This is not a
> proof-of-concept designed to highlight how a particular
> vulnerability works, but an exploit designed specifically to
> compromise your machine. All a malicious viruswriter has to
> do is exchange the EXE file.
>
> Believe me, I am all in for full disclosure and detailing
> every aspect of a vulnerability to prevent future occurances
> of similar threats, but I don't particularly think that we
> should actively be trying to help malicious persons.
>
>
>
> Regards
> Thor Larholm
> Senior Security Researcher
> PivX Solutions, LLC
> Get our research, join our mailinglist - http://pivx.com/larholm/
>
>
> -----Original Message-----
> From: Liu Die Yu [mailto:liudieyuinchina (at) yahoo.com (dot) cn [email concealed]]
> Sent: Wednesday, November 05, 2003 2:35 AM
> To: bugtraq (at) securityfocus (dot) com [email concealed]
> Subject: Six Step IE Remote Compromise Cache Attack
>
> Snip
> http://www.securityfocus.com/archive/1/343464/2003->
11-02/2003-11-08/0
>

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus