PaulDotCom mailing list archives

IE Exploit

From: brian.seel at gmail.com (Brian Seel)
Date: Tue, 16 Dec 2008 09:51:26 -0800

Looks like this is already hitting the forward monkeys. I just got a vauge
message forwarded from my mom and aunt about the fact that there was a
vulnerability in IE (and it had a nice little note at the end that firefox
wasnt vulnerable). Heh.

2008/12/16 Ed Baunton <dj_ed12 at hotmail.com>

 And I think this is it on metasploit
http://trac.metasploitcom/changeset/6012<http://trac.metasploit.com/changeset/6012>


Just upgraded my install to include it and test on Vista IE7 and XP IE 6.

Am about to try on XP IE 7

 ------------------------------
*From:* pauldotcom-bounces at mail.pauldotcom.com [mailto:
pauldotcom-bounces at mail.pauldotcom.com] *On Behalf Of *Chris Blazek
*Sent:* 16 December 2008 15:33
*To:* PaulDotCom Security Weekly Mailing List
*Subject:* Re: [Pauldotcom] IE Exploit

Is this the same exploit, MS Internet Explorer XML Parsing Buffer Overflow
Exploit (vista) 0day <http://www.milw0rm.org/exploits/7410> or variant
of,  listed on milw0rm?

http://www.milw0rm.org/exploits/7410





2008/12/16 Arch Angel <arch3angel at gmail.com>

I just heard the Risky Business show a few minutes ago and the guest
speaker believed IE 8 to be vulnerable but Patrick said that as of yet (his
words at the time of the release) Vista fully patched could not be exploited
in the lab.  However that is considering a fully patched Vista as well so I
am leaning on the side of caution with this one, at least till we have more
details.

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcomcom <Pauldotcom at mail.pauldotcom.com>
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




--
http://www.kingbin.net/

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20081216/09e27ce2/attachment.htm

Current thread:

IE Exploit, (continued)
- - - IE Exploit Ed Baunton (Dec 16)
    - IE Exploit Jack Daniel (Dec 16)
    - IE Exploit Jack Daniel (Dec 16)
    - IE Exploit Karl Schuttler (Dec 16)
    - IE Exploit Ed Baunton (Dec 16)
    - IE Exploit byte.bucket at 4a44.com (Dec 16)
    - IE Exploit Arch Angel (Dec 16)
    - IE Exploit xgermx (Dec 16)
    - IE Exploit Chris Blazek (Dec 16)
    - IE Exploit Ed Baunton (Dec 16)
    - IE Exploit Brian Seel (Dec 16)
    - Message not available
    - IE Exploit Tim Krabec (Dec 16)