CRITICAL??? - Seven New Flaws in Internet Explorer not addressed by MS03-040 or MS03-048

From: Kusnierz, Danny (dkusnierBALL.COM)
Date: Wed Nov 26 2003 - 14:24:00 CST


There is an EXPLOIT available 11/25/03 using a combination of seven new flaws discovered by Liu Die Yu which allows a properly crafted web site to download and execute arbitrary code without user intervention using Internet Explorer on a fully patched machine. I tried it myself after it was reported by Dan Drumm in our Telecom dept. and we're currently discussing the necessity of turning off Active Scripting.
Danny Kusnierz
Technical Services
Ball Corporation

Secunia Advisory:
http://www.secunia.com/advisories/9711

Demo Exploit Code (downloads and runs .exe of fire burning on computer screen without user intervention):
<http://www.safecenter.net/UMBRELLAWEBV4/1stCleanRc/1stCleanRc-Demo/index.html>
