Educause Security Discussion mailing list archives

Re: 0-day exploit for Internet Explorer in the wild


From: Chuck Braden <JCBraden () AG TAMU EDU>
Date: Wed, 10 Dec 2008 16:12:02 -0600

These guys say Vista SP1 is also vulnerable. 
http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatched-drive-by-exploit-found-on-the-web/
We have confirmed this vulnerability to be affecting, at least, a fully patched Windows XP SP3 and a Vista SP1 system. 
The exploit uses publicly known heap-spray techniques that enable control over a vtable pointer, allowing arbitrary 
code execution.


Jimmy C Braden
Information Security Officer
Extension Information Technology
Texas AgriLife Extension Service
979-862-7254
j-braden () tamu edu


Ken Connelly <Ken.Connelly () UNI EDU> 12/10/2008 3:50 PM >>>
Curt Wilson wrote:
I am assuming that Vista is not specifically at risk, but I don't know
for a fact. Anyone else know?

Thanks

  

XP and Windows 2003 are vulnerable from what I've heard.  I believe the 
XP reference implied fully-patched SP3.  I've not seen anything stating 
that Vista is immune, but I've also not seen it implicated as vulnerable.

-- 
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373
