Microsoft IE Remote Code Execution Exploit (0day) - Critical

18/08/2005 - 21:34 por (i) | Informe spam
Microsoft IE Remote Code Execution Exploit (0day) - Critical
http://www.neowin.net/comments.php?...egory=main


FrSIRT have identified a critical vulnerability with Internet Explorer
6 for Windows XP SP1 and SP2.

The problem could be exploited by remote attackers to execute
arbitrary commands. The issue is due to a memory corruption error when
instantiating the "Msdds.dll" (Microsoft Design Tools Diagram Surface)
object as an ActiveX control, which could be exploited by an attacker
to take complete control of an affected system via a specially crafted
Web page.

Unfortunately for users of Internet Explorer 6 there is 0day Exploit
Code readily available for would be hackers to create web pages. This
is un-usual and brings into question whether FrSIRT were taking decent
measures to ensure Microsoft were aware of this threat.

According to a Microsoft Spokesperson, "Microsoft is aggressively
investigating new public reports of a possible vulnerability in
Internet Explorer. Upon completion of this investigation, Microsoft
will take the appropriate action to help protect our customers. This
may include providing a security update through our monthly release
process or providing an out-of-cycle security update, depending on
customer needs. Microsoft is concerned that this new report of a
vulnerability in Internet Explorer was not disclosed responsibly,
potentially putting computer users at risk."

We will keep you updated on Microsoft's investigations and whether
they plan to release a patch for this flaw soon.

EXPLOIT
http://www.frsirt.com/exploits/2005...l-0day.php

Preguntas similare

Leer las respuestas

#1 maca
18/08/2005 - 21:45 | Informe spam
Si tenia alguna duda, hoy me lo has aclarado: El Pablo Lleo Garcia es el
unico troll en estos grupos y que eestá escribiendo desde esas tres o cuatro
direcciones extrañas. O desde el proxy que han dicho o desde aioe, o desde
sunsite.

Apoyo la mocion de slag por una unica vez en la vida voy a ser partidaria de
la violencia fisica.


"(i)" escribió en el mensaje news:10rb85zez63xs$
Microsoft IE Remote Code Execution Exploit (0day) - Critical
http://www.neowin.net/comments.php?...egory=main


FrSIRT have identified a critical vulnerability with Internet Explorer
6 for Windows XP SP1 and SP2.

The problem could be exploited by remote attackers to execute
arbitrary commands. The issue is due to a memory corruption error when
instantiating the "Msdds.dll" (Microsoft Design Tools Diagram Surface)
object as an ActiveX control, which could be exploited by an attacker
to take complete control of an affected system via a specially crafted
Web page.

Unfortunately for users of Internet Explorer 6 there is 0day Exploit
Code readily available for would be hackers to create web pages. This
is un-usual and brings into question whether FrSIRT were taking decent
measures to ensure Microsoft were aware of this threat.

According to a Microsoft Spokesperson, "Microsoft is aggressively
investigating new public reports of a possible vulnerability in
Internet Explorer. Upon completion of this investigation, Microsoft
will take the appropriate action to help protect our customers. This
may include providing a security update through our monthly release
process or providing an out-of-cycle security update, depending on
customer needs. Microsoft is concerned that this new report of a
vulnerability in Internet Explorer was not disclosed responsibly,
potentially putting computer users at risk."

We will keep you updated on Microsoft's investigations and whether
they plan to release a patch for this flaw soon.

EXPLOIT
http://www.frsirt.com/exploits/2005...l-0day.php
email Siga el debate Respuesta Responder a este mensaje
Ads by Google
Help Hacer una preguntaRespuesta Tengo una respuesta
Search Busqueda sugerida