Se for verdade, esta será uma semana daquelas...
"Our security research team has observed a new zero day exploit being
used to infect systems. Coming from a porn website, this particular one
is a vulnerability in VML inside of Internet Explorer.
On a sample Vmware, the following behavior was observed:
The machine was fully patched —
And just to double-check, we ran an MBSA scan which confirmed the box as
fully patched:
Securityscan0000012
Then, the exploit code proceeds to install spyware.
The exploit uses a bug in VML in Internet Explorer to overflow a buffer
and inject shellcode. It is currently on and off again at a number of
sites.
Security researchers at Microsoft have been informed.
This story is developing and research is ongoing. Security
professionals can contact me for collaboration or further information.
This exploit can be mitigated by turning off Javascripting".
http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html
--
Nelson Corrêa de Toledo Ferraz
Segula Technologies (www.segula.fr)
Free Software Foundation Associate Member #3203
Sociedade Perl do Brasil (www.perl.org.br)
Rede Livre de Compartilhamento de Cultura Digital
_______________________________________________
PSL-Brasil mailing list
PSL-Brasil@listas.softwarelivre.org
http://listas.softwarelivre.org/mailman/listinfo/psl-brasil
Regras da lista:
http://twiki.softwarelivre.org/bin/view/PSLBrasil/RegrasDaListaPSLBrasil