
SANS ISC: Client-Side Exploits - The Mother Lode?


As any stroll down the latest Metasploit exploit list will tell you, attacking client technologies (browsers, mail readers, audio players, etc.) is very hot right now. Here is an interesting article from Brian Krebs about a huge area likely to be very ripe with such exploits: ActiveX controls installed by third parties. Krebs summarizes well the research of Richard M. Smith, who claims to have found a cornucopia of buffer overflow flaws in widely deployed ActiveX controls. Handler extraordinaire Agent Tom Liston points out that a known flaw in an ActiveX control could be used to target a specific population, such as a particular ISP's customers, or a corporation or government known to use that control.


Jan 31st 2006
