Re: MS07-069 DHTML Objects Memory Corruption - has anybody seen it in the wild?

[Valdis.Kletnieks () vt edu]

On Tue, 15 Jan 2008 15:36:22 +0100, Alla Bezroutchko said:
> Microsoft security bulletin says: "When the security bulletin was
> released, Microsoft had received information that this vulnerability was
> being exploited." However I haven't found any references to an exploit
> in the wild. Checked a few anti-virus databases, but nothing there either.

Note that the mentioned exploit may not show up in an anti-virus database
because it's not in anything that the A/V actually checks (think about why
you rarely see browser exploits in an A/V database - what the A/V lists is
the stuff dumped on the end user's box after the exploit gets things started).

I'd look for things like bleeding-edge Snort signatures and the like.

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/