Computer Terrorism (UK) :: Incident Response Centre wrote: > Pursuant to the publication of the aforementioned bug/vulnerability, > this document serves as a preliminary Security Advisory for users of > Microsoft Internet Explorer version 6 and 7 Beta 2. > Successful exploitation will allow a remote attacker to execute > arbitrary code against a fully patched Windows XP system, yielding > system access with privileges of the underlying user.
So this is indeed a n-day vulnerability, with n a small positive integer. I must stress that I'm not the original author, and that I've seen this bug discussed in public forums as early as 19.03.2006. If exploitation is as easy as you claim, then probably the bad guys are already actively using this, just like they did with WMF. Oldest POC I've found, by 'shog9' (Joshua Heyer): http://www.shog9.com/crashIE.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
