Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Killbits (I'm not dead yet!)

From: dave <dave () immunityinc com>
Date: Tue, 28 Jul 2009 14:21:01 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Howard has some of the gritty details of the Killbit bypass here
(see Bug #2):
http://blogs.msdn.com/sdl/archive/2009/07/28/atl-ms09-035-and-the-sdl.aspx

I still don't really understand the vulnerability (do you have to get
one ActiveX control instantiated in order to send it the marshalled
property map that instantiates the vulnerable object?). But the patches
are out, so the information as free as it wanted to be.

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkpvQY0ACgkQtehAhL0ghep0KgCZAYW54dUIZf38qGsrjbeTI6A2
YD0AnjfE+jAcHiLQGDqK+wDS+uWlwP43
=e8Fa
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: