Re: [News] Another Zero-Day Windows Exploit

	Erik Funkenbusch <erik@xxxxxxxxxxxxxxxxxxxxxx> writes:
> On Sat, 07 Oct 2006 11:20:55 +0100, Roy Schestowitz wrote:
>> Another zero day... Setslice is in the wild
>> ,----[ Quote ]
>>| Busy past few weeks... first the VML exploit (now patched by
>>| Microsoft), then the daxtcle.ocx exploit (not patched yet), and
>>| then last night, our friend Roger Thompson reported seeing another
>>| exploit, commonly referred to as "setslice" [since it uses the
>>| setslice() method to exploit] in the wild.
>> `----
>> http://hackersblog.itproportal.com/?p=352
> I dunno, I went to the test page, and clicked the button, and it
> didn't crash my browser.  I'm running IE7 RC1.  The only thing that
> happened was it asked me to run an unsafe ActiveX control, which I
> didn't do.


    Successful exploitation allows execution of arbitrary code.

    NOTE: Exploit code is publicly available.

    The vulnerability is confirmed on a fully patched system with
    Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions
    may also be affected.

Security is one of those funny things.  You can talk about being "more"
secure, but there's no such thing.  A vulnerability is a vulnerability, and
even one makes you just as insecure as anyone else.  Security is a binary
condition, either you are or you aren't. - Funkenbusch 1 Oct 2006

