lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: tuytumadre at att.net (tuytumadre@....net)
Subject: Microsoft Internet Explorer Full Remote
	Compromise w/o User Intervention

Through a joint effort between Micheal Evanchik and Paul (me) of Greyhats Security, a Full Remote Compromise of Microsoft's Internet Explorer has been developed for SP2 which requires no user interaction. This exploit is based on several previous vulnerabilities and can be used to write an executable to a user's harddrive and run it, requiring nothing from the user except visiting a webpage. Microsoft was able to reproduce the issue and has agreed that the severity is indeed critical. Because the vulnerabilities (3 total, each based on different technologies) have been known and unpatched for quite some time, we have decided to release the information on this exploit in hopes that in the future Microsoft will work faster towards patching vulnerabilities that we security researchers disclose to them. This exploit is definately not for script kiddies and uses several files being hosted on a server so I doubt a worm will be released that uses this flaw, at least not before a patch is released. The most common use for this in the upcomming months will probably be spyware. However, you can avoid all consequences of this exploit by disabling hta files, disabled active scripting, or switching to a different browser altogether. My recommendation is switch to FireFox (http://firefox.com). I use it; it's just like Internet Explorer, but with added features like skinning, customization, and O! the security :-)
 
Analysis- http://freehost07.websamba.com/greyhats/sp2rc-analysis.htm
PoC- http://freehost07.websamba.com/greyhats/sp2rc.htm

Credit
-------
Paul - http://greyhats.cjb.net
Michael Evanchik - http://michaelevanchik.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041224/13612868/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ