Full Disclosure mailing list archives
Re: Re: IE7 Zero Day
From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Sun, 07 May 2006 18:06:22 +0200
me I'm waiting for Gadi Evron to open a 0day for sale mailing list huh :>

naveed wrote:
> oops....and we have seen a dumb cunt is trying to advertise a 0-day on
> this free list, which is not meant to be used for such kind of purposes.
> i bet you have not posted your ad here if FD would have charged you some $$
> you might be a hax0r since you have discovered a vulnerability but you are
> more stupid than all of us since you cannot read a very simple charter
> http://lists.grok.org.uk/full-disclosure-charter.html
>
> On 5/6/06, 0x80 () hush ai <0x80 () hush ai> wrote:
>> So now that you are done wasting my time and bullshitting for info.
>> What do you think? What context does IE run in? Sure, this gives
>> admin rights... if the user running IE has admin rights... But I
>> shouldn't have to tell you that.
>>
>> BTW, I CCed the FD list so others can see yet another dumb cunt
>> trying to get info with no cash and no intent to buy.
>>
>> On Fri, 05 May 2006 19:23:05 -0700 Simon Smith <simon () snosoft com> wrote:
>>> Very interesting,
>>> But, my buyer is looking for exploits which yield remote
>>> administrative access to the targeted systems. Do either of these
>>> do this?
>>>
>>> 0x80 () hush ai wrote:
>>>> OK. There are two issues with IE 7. The first issue is also found
>>>> in IE 6 but in IE 6 I believe it is not exploitable (seems to be a
>>>> null pointer).
>>>>
>>>> Issue 1 - IE 6.0 Crash. IE 7 (all ver) remote code execution.
>>>> Let's call this one a malformed file type that IE considers safe.
>>>>
>>>> Issue 2 - IE 7.0 Information Stealing. Target visits malicious
>>>> website and contents of all tabbed pages, including related cookies
>>>> and cache information, can be yanked. Perhaps we can coin this one
>>>> to be Cross Tab Scripting but no user interaction is required.
>>>>
>>>> Consider this exploit scenario: User is doing online banking in
>>>> one tab. User is checking gmail in another. User opens third tab
>>>> and visits malicious web site. I now have a copy of all data from
>>>> the first two tabs.
>>>>
>>>> My current high bid is $12,500.00 2% of any profits made by the use
>>>> of the exploit although I suspect that sort of thing would be tough
>>>> to audit.
>>>>
>>>> On Fri, 05 May 2006 15:30:17 -0700 Simon Smith <simon () snosoft com> wrote:
>>>>> Well,
>>>>> My buyers require temporary exclusivity during the
>>>>> vetting/validation process and permanent exclusivity and secrecy
>>>>> if they purchase the tool. If they do not purchase the tool, the
>>>>> tool is yours. My buyers will also most probably out bid your
>>>>> buyers by a significant amount. What is your current highest bid?
>>>>> Describe this exploit to me at a very high level without giving
>>>>> away any technical details.
>>>>>
>>>>> -Simon

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/