Message-ID: <20060506083331.0D14033C23@mailserver5.hushmail.com>
Date: Sat May 6 09:33:49 2006
From: 0x80 at hush.ai (0x80@...h.ai)
Subject: IE7 Zero Day
So now that you are done wasting my time and bullshitting for info.
What do you think? What context does IE run in? Sure, this gives
admin rights... if the user running IE has admin rights...
But I shouldn't have to tell you that. BTW, I CCed the FD list so
others can see yet another dumb cunt trying to get info with no
cash and no intent to buy.
On Fri, 05 May 2006 19:23:05 -0700 Simon Smith <simon@...soft.com>
wrote:
>Very interesting,
> But, my buyer is looking for exploits which yield remote
>administrative access to the targeted systems. Do either of these
>do this?
>
>0x80@...h.ai wrote:
>> OK.
>>
>> There are two issues with IE 7. The first issue is also found in
>> IE 6 but in IE 6 I believe it is not exploitable (seems to be a
>> null pointer).
>>
>> Issue 1 - IE 6.0 Crash. IE 7 (all ver) remote code execution.
>> Let's call this one a malformed file type that IE considers safe.
>>
>> Issue 2 - IE 7.0 Information Stealing. Target visits malicious web
>> site and contents of all tabbed pages, including related cookies
>> and cache information, can be yanked. Perhaps we can coin this one
>> to be Cross Tab Scripting but no user interaction is required.
>>
>> Consider this exploit scenario: User is doing online banking in
>> one tab. User is checking gmail in another. User opens third tab
>> and visits malicious web site. I now have a copy of all data from
>> the first two tabs.
>>
>> My current high bid is $12,500.00 2% of any profits made by the use
>> of the exploit although I suspect that sort of thing would be tough
>> to audit.
>>
>> On Fri, 05 May 2006 15:30:17 -0700 Simon Smith <simon@...soft.com>
>> wrote:
>>
>>> Well,
>>> My buyers require temporary exclusivity during the
>>> vetting/validation process and permanent exclusivity and secrecy
>>> if they purchase the tool. If they do not purchase the tool, the
>>> tool is yours. My buyers will also most probably out bid your
>>> buyers by a significant amount. What is your current highest bid?
>>> Describe this exploit to me at a very high level without giving
>>> away any technical details.
>>>
>>>
>>> -Simon