Dailydave mailing list archives
Re: IE attack...
From: Alexander Sotirov <asotirov () determina com>
Date: Sat, 25 Mar 2006 10:32:16 -0800
Dave Aitel wrote:
So this is the IE attack various sites are owning people with...I stumbled on it while browsing random things. It's been a pretty bad week for IE this week. Of course, it's been a pretty bad year for IE. Been a pretty bad time all around for IE. Motto: "Giving Host Intrusion Prevention vendors case study after case study." I don't know why the other lists aren't posting this. Maybe there was a memo that went around where you try to keep people from knowing what they're actually at risk from.
This code has been up on milw0rm.com since for a day or two already. The exploit works fine by filling the heap with shellcode, but if you want a more precise exploitation method, you'll have to go read Halvar's recent Blackhat presentation. It's an uninitialized stack variable vulnerability. Alex
Current thread:
- IE attack... Dave Aitel (Mar 25)
- RE: IE attack... Anthony Aykut (Mar 25)
- Re: IE attack... Alexander Sotirov (Mar 25)
- Re: IE attack... David Barroso (Mar 25)
- Re: IE attack... str0ke (Mar 25)
- <Possible follow-ups>
- Re: IE attack... Juha-Matti Laurio (Mar 25)