Re: Another Priceless one from HDM

["Dude VanWinkle" <dudevanwinkle () gmail com>]

More here:

http://www.eweek.com/article2/0,1759,2048968,00.asp?kc=EWRSS03119TX1K0000594
http://tinyurl.com/w2gcz

An "extremely critical" vulnerability in Microsoft Visual Studio 2005
could put users at risk of remote code execution attacks, the company
confirmed Nov. 1.
ADVERTISEMENT

The Redmond, Wash., software maker issued a security advisory with
pre-patch workarounds and warned that the flaw is already being used
in zero-day attacks.

"We are aware of proof of concept code published publicly and of the
possibility of limited attacks that are attempting to use the reported
vulnerability," Microsoft said in the advisory.


and here: http://www.betanews.com/article/Microsoft_Scrambling_to_Patch_Exploit/1162401603
http://tinyurl.com/y394vx



This morning, Microsoft Security announced it has been alerted to
proof-of-concept code that may already have been referenced in the
creation of a malicious exploit.

Although details about the exploit itself have not yet be revealed,
according to this morning's advisory, the point of weakness is a
Windows library that is shipped with Visual Studio 2005, called
wmiscriptutils.dll. Apparently a call to this library, placed from
within a script executed in some installations of Internet Explorer 7
with default settings, on operating systems other than Windows Server
2003, can trigger possible unguarded remote malicious code execution.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.