lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1146299137.25963.1285.camel@ts3.intnet>
Date: Sat Apr 29 14:50:11 2006
From: vuln-remove at secunia.com (Secunia Research)
Subject: MSIE Nested Object Vulnerability Is Exploitable

Hello,

A little update on the MSIE Nested Object vulnerability.

During further investigation of the issue reported by Michal Zalewski
and the exploit provided by Secunia to Microsoft on Wednesday 26th
April, we have concluded that the exploit does not exploit the exact
issue reported by Michal Zalewski but a variant hereof.

Microsoft therefore treats this as a privately disclosed vulnerability,
thus Secunia will not be releasing any further details before Microsoft
releases a patch for this vulnerability.

Kind regards,

Thomas Kristensen
CTO

Secunia 
Hammerensgade 4, 2. floor
DK-1267 Copenhagen K
Denmark

Tlf.: +45 7020 5144
Fax:  +45 7020 5145

On Fri, 2006-04-28 at 09:33 +0200, Secunia Research wrote:
> Hello,
> 
> There has recently been some discussion regarding whether or not the
> MSIE Nested Object Vulnerability reported by Michal Zalewski is
> exploitable or not.
> 
> Link to Michal Zalewski Full-Disclosure Posting:
> http://lists.grok.org.uk/pipermail/full-disclosure/2006-
> April/045422.html
> 
> Because of this, Secunia has received several enquiries and comments
> about the "Highly critical" rating of this advisory (SA19762) as no
> proof of exploitation has been publicly disclosed.
> 
> In response to this, we would like to stress that Secunia has developed
> a working exploit for this vulnerability. This exploit will not be
> disclosed publicly, but was sent to Microsoft on Wednesday 2006-04-26.
> The advisory rating of "Highly critical" and "System access" impact is
> therefore fully justified.
> 
> Kind regards,
> 
> Thomas Kristensen
> CTO
> 
> Secunia 
> Hammerensgade 4, 2. floor
> DK-1267 Copenhagen K
> Denmark
> 
> Tlf.: +45 7020 5144
> Fax:  +45 7020 5145
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ