Full Disclosure mailing list archives

Re: IE7 Zero Day


From: <0x80 () hush ai>
Date: Sat, 6 May 2006 01:33:30 -0700

So now that you are done wasting my time and bullshitting for info.

What do you think?  What context does IE run in?  Sure, this gives 
admin rights... if the user running IE has admin rights...

But I shouldn't have to tell you that.  BTW, I CCed the FD list so 
others can see yet another dumb cunt trying to get info with no 
cash and no intent to buy.



On Fri, 05 May 2006 19:23:05 -0700 Simon Smith <simon () snosoft com> wrote:
Very interesting,
   But, my buyer is looking for exploits which yield remote
administrative access to the targeted systems. Do either of these
do this?

0x80 () hush ai wrote:
OK.

There are two issues with IE 7.  The first issue is also found in
IE 6 but in IE 6 I believe it is not exploitable (seems to be a
null pointer).

Issue 1 - IE 6.0 Crash.  IE 7 (all ver) remote code execution.
Let's call this one a malformed file type that IE considers safe.

Issue 2 - IE 7.0 Information Stealing.  Target visits malicious web
site and contents of all tabbed pages, including related cookies
and cache information, can be yanked.  Perhaps we can coin this one
to be Cross Tab Scripting but no user interaction is required.

Consider this exploit scenario:  User is doing online banking in
one tab.  User is checking gmail in another.  User opens third tab
and visits malicious web site.  I now have a copy of all data from
the first two tabs.

My current high bid is $12,500.00 2% of any profits made by the use
of the exploit although I suspect that sort of thing would be tough
to audit.

On Fri, 05 May 2006 15:30:17 -0700 Simon Smith <simon () snosoft com> wrote:
Well,
   My buyers require temporary exclusivity during the
vetting/validation process and permanent exclusivity and secrecy
if they purchase the tool. If they do not purchase the tool, the
tool is yours. My buyers will also most probably outbid your buyers
by a significant amount. What is your current highest bid? Describe
this exploit to me at a very high level without giving away any
technical details.


-Simon



BullGuard Anti-virus has scanned this e-mail and found it clean.
Try BullGuard for free: www.bullguard.com

Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

  





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

