funsec mailing list archives
Re: Another Priceless one from HDM
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Wed, 1 Nov 2006 15:16:10 -0500
More here: http://www.eweek.com/article2/0,1759,2048968,00.asp?kc=EWRSS03119TX1K0000594 http://tinyurl.com/w2gcz An "extremely critical" vulnerability in Microsoft Visual Studio 2005 could put users at risk of remote code execution attacks, the company confirmed Nov. 1. ADVERTISEMENT The Redmond, Wash., software maker issued a security advisory with pre-patch workarounds and warned that the flaw is already being used in zero-day attacks. "We are aware of proof of concept code published publicly and of the possibility of limited attacks that are attempting to use the reported vulnerability," Microsoft said in the advisory. and here: http://www.betanews.com/article/Microsoft_Scrambling_to_Patch_Exploit/1162401603 http://tinyurl.com/y394vx This morning, Microsoft Security announced it has been alerted to proof-of-concept code that may already have been referenced in the creation of a malicious exploit. Although details about the exploit itself have not yet be revealed, according to this morning's advisory, the point of weakness is a Windows library that is shipped with Visual Studio 2005, called wmiscriptutils.dll. Apparently a call to this library, placed from within a script executed in some installations of Internet Explorer 7 with default settings, on operating systems other than Windows Server 2003, can trigger possible unguarded remote malicious code execution. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Another Priceless one from HDM Dude VanWinkle (Nov 01)
- Re: Another Priceless one from HDM Dude VanWinkle (Nov 01)