Re: Re: IE7 Zero Day

["ad () heapoverflow com" <ad () heapoverflow com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
me I'm waiting for Gadi Evron to open a 0day for sale mailing list huh :>

naveed wrote:
> oops....and we have seen a dumb cunt is trying to advertise a 0-day on
> this free list, which is not meant to be used for such kind of
> purposes. i bet you have not posted your ad here if FD would have
> charged you some $$
> you might be a hax0r since you have discovered a vulnerability but you
> are more stupid than all of us since you cannot read a very simple
> charter
>
> http://lists.grok.org.uk/full-disclosure-charter.html
>
>
> On 5/6/06, 0x80 () hush ai <0x80 () hush ai> wrote:
> > So now that you are done wasting my time and bullshitting for info.
> >
> > What do you think?  What context does IE run in?  Sure, this gives
> > admin rights... if the user running IE has admin rights...
> >
> > But I shouldn't have to tell you that.  BTW, I CCed the FD list so
> > others can see yet another dumb cunt trying to get info with no
> > cash and no intent to buy.
> >
> >
> >
> > On Fri, 05 May 2006 19:23:05 -0700 Simon Smith <simon () snosoft com>
> > wrote:
> > > Very interesting,
> > >    But, my buyer is looking for exploits which yeild remote
> > > administrative access to the targeted systems. Do either of these
> > > do this?
> > >
> > > 0x80 () hush ai wrote:
> > > > OK.
> > > >
> > > > There are two issues with IE 7.  The first issue is also found
> > > in
> > > > IE 6 but in IE 6 I believe it is not exploitable (seems to be a
> > > > null pointer).
> > > >
> > > > Issue 1 - IE 6.0 Crash.  IE 7 (all ver) remote code execution.
> > > > Lets call this one a malformed file type that IE considers safe.
> > > >
> > > > Issue 2 - IE 7.0 Information Stealing.  Target visits malicious
> > > web
> > > > site and contents of all tabbed pages, including related cookies
> >
> > > > and cache information, can be yanked.  Perhaps we can coin this
> > > one
> > > > to be Cross Tab Scripting but no user interaction is required.
> > > >
> > > > Consider this exploit scenario:  User is doing online banking in
> >
> > > > one tab.  User is checking gmail in another.  User opens third
> > > tab
> > > > and visits malicious web site.  I now have a copy of all data
> > > from
> > > > the first two tabs.
> > > >
> > > > My current high bid is $12,500.00 2% of any profits made by the
> > > use
> > > > of the exploit although I suspect that sort of thing would be
> > > tough
> > > > to audit.
> > > >
> > > > On Fri, 05 May 2006 15:30:17 -0700 Simon Smith
> > > <simon () snosoft com>
> > > > wrote:
> > > >
> > > > > Well,
> > > > >    My buyers require temporary exclusivity during the
> > > > > vetting/validation process and permanent exclusivity and
> > > secrecy
> > > > > if they
> > > > > purchase the tool. If they do not purchase the tool, the the
> > > tool
> > > > > is
> > > > > yours. My buyers will also most probably out bid your buyers by
> >
> > > a
> > > > > significant amount. What is your current highest bid? Describe
> > > > > this
> > > > > exploit to me at a very high level without giving away any
> > > > > technical
> > > > > details.
> > > > >
> > > > >
> > > > > -Simon
> > > > >
> > > > >
> > > > >
> > > > > BullGuard Anti-virus has scanned this e-mail and found it
> > > clean.
> > > > > Try BullGuard for free: www.bullguard.com
> > > >
> > > >
> > > >
> > > > Concerned about your privacy? Instantly send FREE secure email,
> > > no account required
> > > > http://www.hushmail.com/send?l=480
> > > >
> > > > Get the best prices on SSL certificates from Hushmail
> > > > https://www.hushssl.com?l=485
> > >
> > >
> > >
> > >
> > > BullGuard Anti-virus has scanned this e-mail and found it clean.
> > > Try BullGuard for free: www.bullguard.com
> >
> >
> >
> > Concerned about your privacy? Instantly send FREE secure email, no account
> > required
> > http://www.hushmail.com/send?l=480
> >
> > Get the best prices on SSL certificates from Hushmail
> > https://www.hushssl.com?l=485
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (MingW32)
 
iD8DBQFEXhr+FJS99fNfR+YRAkSRAKC+TRaYlFpDQ0rpFjcn3LzfYdVS7gCfThuY
3ORsTNbIAXJ8wgGe+ltLctk=
=GM6f
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/