Re: IE7 Zero Day

[naveed <naveedafzal () gmail com>]

oops....and we have seen a dumb cunt is trying to advertise a 0-day on
this free list, which is not meant to be used for such kind of
purposes. i bet you have not posted your ad here if FD would have
charged you some $$
you might be a hax0r since you have discovered a vulnerability but you
are more stupid than all of us since you cannot read a very simple
charter

http://lists.grok.org.uk/full-disclosure-charter.html


On 5/6/06, 0x80 () hush ai <0x80 () hush ai> wrote:
> So now that you are done wasting my time and bullshitting for info.
>
> What do you think?  What context does IE run in?  Sure, this gives
> admin rights... if the user running IE has admin rights...
>
> But I shouldn't have to tell you that.  BTW, I CCed the FD list so
> others can see yet another dumb cunt trying to get info with no
> cash and no intent to buy.
>
>
>
> On Fri, 05 May 2006 19:23:05 -0700 Simon Smith <simon () snosoft com>
> wrote:
> >Very interesting,
> >    But, my buyer is looking for exploits which yeild remote
> >administrative access to the targeted systems. Do either of these
> >do this?
> >
> >0x80 () hush ai wrote:
> >> OK.
> >>
> >> There are two issues with IE 7.  The first issue is also found
> >in
> >> IE 6 but in IE 6 I believe it is not exploitable (seems to be a
> >> null pointer).
> >>
> >> Issue 1 - IE 6.0 Crash.  IE 7 (all ver) remote code execution.
> >> Lets call this one a malformed file type that IE considers safe.
> >>
> >> Issue 2 - IE 7.0 Information Stealing.  Target visits malicious
> >web
> >> site and contents of all tabbed pages, including related cookies
>
> >
> >> and cache information, can be yanked.  Perhaps we can coin this
> >one
> >> to be Cross Tab Scripting but no user interaction is required.
> >>
> >> Consider this exploit scenario:  User is doing online banking in
>
> >
> >> one tab.  User is checking gmail in another.  User opens third
> >tab
> >> and visits malicious web site.  I now have a copy of all data
> >from
> >> the first two tabs.
> >>
> >> My current high bid is $12,500.00 2% of any profits made by the
> >use
> >> of the exploit although I suspect that sort of thing would be
> >tough
> >> to audit.
> >>
> >> On Fri, 05 May 2006 15:30:17 -0700 Simon Smith
> ><simon () snosoft com>
> >> wrote:
> >>
> >>> Well,
> >>>    My buyers require temporary exclusivity during the
> >>> vetting/validation process and permanent exclusivity and
> >secrecy
> >>> if they
> >>> purchase the tool. If they do not purchase the tool, the the
> >tool
> >>> is
> >>> yours. My buyers will also most probably out bid your buyers by
>
> >a
> >>> significant amount. What is your current highest bid? Describe
> >>> this
> >>> exploit to me at a very high level without giving away any
> >>> technical
> >>> details.
> >>>
> >>>
> >>> -Simon
> >>>
> >>>
> >>>
> >>> BullGuard Anti-virus has scanned this e-mail and found it
> >clean.
> >>> Try BullGuard for free: www.bullguard.com
> >>>
> >>
> >>
> >>
> >> Concerned about your privacy? Instantly send FREE secure email,
> >no account required
> >> http://www.hushmail.com/send?l=480
> >>
> >> Get the best prices on SSL certificates from Hushmail
> >> https://www.hushssl.com?l=485
> >>
> >>
> >
> >
> >
> >
> >BullGuard Anti-virus has scanned this e-mail and found it clean.
> >Try BullGuard for free: www.bullguard.com
>
>
>
> Concerned about your privacy? Instantly send FREE secure email, no account
> required
> http://www.hushmail.com/send?l=480
>
> Get the best prices on SSL certificates from Hushmail
> https://www.hushssl.com?l=485
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/