Threat Level: green Handler on Duty: Tom Webb

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

MSIE 'Sploit du Jour

Published: 2006-04-27
Last Updated: 2006-04-27 19:36:57 UTC
by Tom Liston (Version: 1)
0 comment(s)
Yesterday's.
Today's.

#!/bin/sh
cat /usr/home/tliston/diaryheader.html > diary.html
echo "$1 has discovered a vulnerability in Internet Explorer," >> diary.html
echo "which can be exploited by $2 to compromise a user's system." >> diary.html
echo "The vulnerability is caused by an error in $3 " >> diary.html
echo "that can be exploited to $4, by tricking a user into visiting" >> diary.html 
echo " a malicious web site. Successful exploitation allows $5." >> diary.html
cat /usr/home/tliston/diaryfooter.html >> diary.html
mv diary.html /www/htdocs

tommy: tom$: ./ie_dujour.sh
MATTHEW MURPHY has discovered a vulnerability in Internet Explorer, which can be exploited by EVIL HACKERS to compromise a user's system. The vulnerability is caused by an error in A RACE CONDITION IN THE DISPLAY AND PROCESSING OF SECURITY DIALOGS RELATING TO THE INSTALLATION/EXECUTION OF ACTIVEX CONTROLS that can be exploited to CONVINCE A USER TO INSTALL A MALICIOUS ACTIVEX COMPONENT, by tricking a user into visiting a malicious website.  Successful exploitation allows THE ABILITY TO EXECUTE ARBITRARY CODE ON THE TARGET MACHINE.

Sigh...

Handler on Duty: Tom Liston - Intelguardians
Keywords:
0 comment(s)
Diary Archives