lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.62.0707302359570.20755@linuxbox.org>
Date: Tue, 31 Jul 2007 00:01:49 -0500 (CDT)
From: Gadi Evron <ge@...uxbox.org>
To: Nick FitzGerald <nick@...us-l.demon.co.uk>
Cc: bugtraq@...urityfocus.com
Subject: Re: Exploit In Internet Explorer

On Tue, 31 Jul 2007, Nick FitzGerald wrote:
> RaeD@...Mail.Com wrote:
>
>> Discovred By : Hasadya Raed
>
> "Discovred" as in "found in a web page with some dodgy script in it"?
> This exploit (though not in this precise form) is common as muck in
> them thar int-duh-net tubes at the moment...
>
> You can't mean "discovered" as in "first found through unique personal
> research/investigation/etc" as this exploit has been publicly disclosed
> since April 2006, I think (and privately used previously?):

I believe RaeD meant no offense and did was in fact not aware of the 
previous findings. In the past SecuriTeam helped him out with 
disclosure and his findings were on the moeny.

I think:
1. This is either yet another exploit.
2. An honest mistake.

But I am not RaeD not affiliated with him. Give people the benefit of the 
doubt. Who would steal thi sbluntly only to be found out?

Thanks.

>
>   http://www.milw0rm.com/exploits/2052
>
> and again, in a more elaborate "multiple dodgy ActiveX control target"
> version shortly thereafter:
>
>   http://www.milw0rm.com/exploits/2164
>
>> Now You Can To Download Exe Files And To Run Without Msgs :
>
> Oh, and did I mention patched since 11 April 2006:
>
>   http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx
>
> So probably not that effective if what you want is an assured "fire an
> forget" remote IE exploit...
>
>
> Regards,
>
> Nick FitzGerald
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ