Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Exploiting memory corruption vulnerabilities on Internet Explorer 8

From: Freddie Vicious <fred.vicious () gmail com>
Date: Thu, 1 Oct 2009 09:44:09 -0700
Yes, I am aware of the JVM and the Flash AVM heap spray techniques, no
DEP/ASLR there... But as you said, so far there's no known "catch-all"
technique against IE8.
Along with other security features (
http://blogs.msdn.com/architecture/archive/2009/08/13/internet-explorer-8-rated-tops-against-malware-and-phishing-attacks.aspx)
this basicly means that IE8 is the most secure web browser nowadays?

On Thu, Oct 1, 2009 at 8:27 AM, Jared DeMott <jared.demott () harris com>wrote:


I'm not aware of any catch-all technique just for IE8, though there are
a few common ones like return oriented programming.  Application
specific techniques are also common when third party extensions are
involved.

--
__________________________________________
Jared D. DeMott
Principal Security Researcher





-- 
Best wishes,
Freddie Vicious
http://twitter.com/viciousf

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: