lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060506083331.0D14033C23@mailserver5.hushmail.com>
Date: Sat May  6 09:33:49 2006
From: 0x80 at hush.ai (0x80@...h.ai)
Subject: IE7 Zero Day

So now that you are done wasting my time and bullshitting for info.

What do you think?  What context does IE run in?  Sure, this gives 
admin rights... if the user running IE has admin rights...

But I shouldn't have to tell you that.  BTW, I CCed the FD list so 
others can see yet another dumb cunt trying to get info with no 
cash and no intent to buy.



On Fri, 05 May 2006 19:23:05 -0700 Simon Smith <simon@...soft.com> 
wrote:
>Very interesting,
>    But, my buyer is looking for exploits which yeild remote
>administrative access to the targeted systems. Do either of these 
>do this?
>
>0x80@...h.ai wrote:
>> OK.
>>
>> There are two issues with IE 7.  The first issue is also found 
>in 
>> IE 6 but in IE 6 I believe it is not exploitable (seems to be a 
>> null pointer). 
>>
>> Issue 1 - IE 6.0 Crash.  IE 7 (all ver) remote code execution.  
>> Lets call this one a malformed file type that IE considers safe.
>>
>> Issue 2 - IE 7.0 Information Stealing.  Target visits malicious 
>web 
>> site and contents of all tabbed pages, including related cookies 

>
>> and cache information, can be yanked.  Perhaps we can coin this 
>one 
>> to be Cross Tab Scripting but no user interaction is required.
>>
>> Consider this exploit scenario:  User is doing online banking in 

>
>> one tab.  User is checking gmail in another.  User opens third 
>tab 
>> and visits malicious web site.  I now have a copy of all data 
>from 
>> the first two tabs.
>>
>> My current high bid is $12,500.00 2% of any profits made by the 
>use 
>> of the exploit although I suspect that sort of thing would be 
>tough 
>> to audit.
>>
>> On Fri, 05 May 2006 15:30:17 -0700 Simon Smith 
><simon@...soft.com> 
>> wrote:
>>   
>>> Well,
>>>    My buyers require temporary exclusivity during the
>>> vetting/validation process and permanent exclusivity and 
>secrecy 
>>> if they
>>> purchase the tool. If they do not purchase the tool, the the 
>tool 
>>> is
>>> yours. My buyers will also most probably out bid your buyers by 

>a
>>> significant amount. What is your current highest bid? Describe 
>>> this
>>> exploit to me at a very high level without giving away any 
>>> technical
>>> details.
>>>
>>>
>>> -Simon
>>>
>>>
>>>
>>> BullGuard Anti-virus has scanned this e-mail and found it 
>clean.
>>> Try BullGuard for free: www.bullguard.com
>>>     
>>
>>
>>
>> Concerned about your privacy? Instantly send FREE secure email, 
>no account required
>> http://www.hushmail.com/send?l=480
>>
>> Get the best prices on SSL certificates from Hushmail
>> https://www.hushssl.com?l=485
>>
>>   
>
>
>
>
>BullGuard Anti-virus has scanned this e-mail and found it clean.
>Try BullGuard for free: www.bullguard.com



Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ