| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 31 Jul 2007 00:01:49 -0500 (CDT) From: Gadi Evron <ge@...uxbox.org> To: Nick FitzGerald <nick@...us-l.demon.co.uk> Cc: bugtraq@...urityfocus.com Subject: Re: Exploit In Internet Explorer On Tue, 31 Jul 2007, Nick FitzGerald wrote: > RaeD@...Mail.Com wrote: > >> Discovred By : Hasadya Raed > > "Discovred" as in "found in a web page with some dodgy script in it"? > This exploit (though not in this precise form) is common as muck in > them thar int-duh-net tubes at the moment... > > You can't mean "discovered" as in "first found through unique personal > research/investigation/etc" as this exploit has been publicly disclosed > since April 2006, I think (and privately used previously?): I believe RaeD meant no offense and did was in fact not aware of the previous findings. In the past SecuriTeam helped him out with disclosure and his findings were on the moeny. I think: 1. This is either yet another exploit. 2. An honest mistake. But I am not RaeD not affiliated with him. Give people the benefit of the doubt. Who would steal thi sbluntly only to be found out? Thanks. > > http://www.milw0rm.com/exploits/2052 > > and again, in a more elaborate "multiple dodgy ActiveX control target" > version shortly thereafter: > > http://www.milw0rm.com/exploits/2164 > >> Now You Can To Download Exe Files And To Run Without Msgs : > > Oh, and did I mention patched since 11 April 2006: > > http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx > > So probably not that effective if what you want is an assured "fire an > forget" remote IE exploit... > > > Regards, > > Nick FitzGerald >
Powered by blists - more mailing lists