| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1146209581.9166.3468.camel@ts2.intnet> Date: Fri Apr 28 08:53:20 2006 From: vuln-remove at secunia.com (Secunia Research) Subject: MSIE Nested Object Vulnerability Is Exploitable Hello, There has recently been some discussion regarding whether or not the MSIE Nested Object Vulnerability reported by Michal Zalewski is exploitable or not. Link to Michal Zalewski Full-Disclosure Posting: http://lists.grok.org.uk/pipermail/full-disclosure/2006- April/045422.html Because of this, Secunia has received several enquiries and comments about the "Highly critical" rating of this advisory (SA19762) as no proof of exploitation has been publicly disclosed. In response to this, we would like to stress that Secunia has developed a working exploit for this vulnerability. This exploit will not be disclosed publicly, but was sent to Microsoft on Wednesday 2006-04-26. The advisory rating of "Highly critical" and "System access" impact is therefore fully justified. Kind regards, Thomas Kristensen CTO Secunia Hammerensgade 4, 2. floor DK-1267 Copenhagen K Denmark Tlf.: +45 7020 5144 Fax: +45 7020 5145
Powered by blists - more mailing lists