Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: MSIE 'Sploit du Jour - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MSIE 'Sploit du Jour
Yesterday's.
Today's.

#!/bin/sh
cat /usr/home/tliston/diaryheader.html > diary.html
echo "$1 has discovered a vulnerability in Internet Explorer," >> diary.html
echo "which can be exploited by $2 to compromise a user's system." >> diary.html
echo "The vulnerability is caused by an error in $3 " >> diary.html
echo "that can be exploited to $4, by tricking a user into visiting" >> diary.html 
echo " a malicious web site. Successful exploitation allows $5." >> diary.html
cat /usr/home/tliston/diaryfooter.html >> diary.html
mv diary.html /www/htdocs

tommy: tom$: ./ie_dujour.sh
MATTHEW MURPHY has discovered a vulnerability in Internet Explorer, which can be exploited by EVIL HACKERS to compromise a user's system. The vulnerability is caused by an error in A RACE CONDITION IN THE DISPLAY AND PROCESSING OF SECURITY DIALOGS RELATING TO THE INSTALLATION/EXECUTION OF ACTIVEX CONTROLS that can be exploited to CONVINCE A USER TO INSTALL A MALICIOUS ACTIVEX COMPONENT, by tricking a user into visiting a malicious website.  Successful exploitation allows THE ABILITY TO EXECUTE ARBITRARY CODE ON THE TARGET MACHINE.

Sigh...

Handler on Duty: Tom Liston - Intelguardians
Tom

160 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!