Message-ID: <445E1AFE.6060900@heapoverflow.com>
Date: Sun May 7 17:08:11 2006
From: ad at heapoverflow.com (ad@...poverflow.com)
Subject: Re: IE7 Zero Day
me I'm waiting for Gadi Evron to open a 0day for sale mailing list huh :>
naveed wrote:
> oops....and we have seen a dumb cunt is trying to advertise a 0-day on
> this free list, which is not meant to be used for such kind of
> purposes. i bet you have not posted your ad here if FD would have
> charged you some $$
> you might be a hax0r since you have discovered a vulnerability but you
> are more stupid than all of us since you cannot read a very simple
> charter
>
> http://lists.grok.org.uk/full-disclosure-charter.html
>
>
> On 5/6/06, 0x80@...h.ai <0x80@...h.ai> wrote:
>> So now that you are done wasting my time and bullshitting for info.
>>
>> What do you think? What context does IE run in? Sure, this gives
>> admin rights... if the user running IE has admin rights...
>>
>> But I shouldn't have to tell you that. BTW, I CCed the FD list so
>> others can see yet another dumb cunt trying to get info with no
>> cash and no intent to buy.
>>
>>
>>
>> On Fri, 05 May 2006 19:23:05 -0700 Simon Smith <simon@...soft.com>
>> wrote:
>> >Very interesting,
>> > But, my buyer is looking for exploits which yield remote
>> >administrative access to the targeted systems. Do either of these
>> >do this?
>> >
>> >0x80@...h.ai wrote:
>> >> OK.
>> >>
>> >> There are two issues with IE 7. The first issue is also found in
>> >> IE 6 but in IE 6 I believe it is not exploitable (seems to be a
>> >> null pointer).
>> >>
>> >> Issue 1 - IE 6.0 Crash. IE 7 (all ver) remote code execution.
>> >> Let's call this one a malformed file type that IE considers safe.
>> >>
>> >> Issue 2 - IE 7.0 Information Stealing. Target visits malicious web
>> >> site and contents of all tabbed pages, including related cookies
>> >> and cache information, can be yanked. Perhaps we can coin this one
>> >> to be Cross Tab Scripting but no user interaction is required.
>> >>
>> >> Consider this exploit scenario: User is doing online banking in
>> >> one tab. User is checking gmail in another. User opens third tab
>> >> and visits malicious web site. I now have a copy of all data from
>> >> the first two tabs.
>> >>
>> >> My current high bid is $12,500.00 2% of any profits made by the use
>> >> of the exploit although I suspect that sort of thing would be tough
>> >> to audit.
>> >>
>> >> On Fri, 05 May 2006 15:30:17 -0700 Simon Smith <simon@...soft.com>
>> >> wrote:
>> >>
>> >>> Well,
>> >>> My buyers require temporary exclusivity during the
>> >>> vetting/validation process and permanent exclusivity and secrecy
>> >>> if they purchase the tool. If they do not purchase the tool, the
>> >>> tool is yours. My buyers will also most probably outbid your
>> >>> buyers by a significant amount. What is your current highest bid?
>> >>> Describe this exploit to me at a very high level without giving
>> >>> away any technical details.
>> >>>
>> >>>
>> >>> -Simon
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>