I think you are wrong, Stelian; they are probably warning about this high threat given to the list :>
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043922.html

Stelian Ene wrote:
> Computer Terrorism (UK) :: Incident Response Centre wrote:
>> Pursuant to the publication of the aforementioned bug/vulnerability,
>> this document serves as a preliminary Security Advisory for users of
>> Microsoft Internet Explorer version 6 and 7 Beta 2.
>> Successful exploitation will allow a remote attacker to execute
>> arbitrary code against a fully patched Windows XP system, yielding
>> system access with privileges of the underlying user.
>
> So this is indeed an n-day vulnerability, with n a small positive integer.
> I must stress that I'm not the original author, and that I've seen this bug
> discussed in public forums as early as 19.03.2006. If exploitation is as easy as
> you claim, then probably the bad guys are already actively using this, just like
> they did with WMF.
>
> Oldest POC I've found, by 'shog9' (Joshua Heyer):
> http://www.shog9.com/crashIE.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
