Follow Liquidmatrix

FacebookTwitterRSS

Subscribe by Email

IE7 0-Day In The Wild

IE7 0-Day in the wild today. The proof of concept code is available on Milw0rm site.

SANS has a write up on the 0-Day that “is *not* patched with MS08-073 that was released yesterday. I can confirm that the exploit works in a fully patched Windows XP machine.”

From Milw0rm:

// k`sOSe 12/10/2008 – tested on winxp sp3, explorer 7.0.5730.13

// windows/exec – 141 bytes
// http://www.metasploit.com
// EXITFUNC=seh, CMD=C:\WINDOWS\system32\calc.exe

http://(snip)

# milw0rm.com [2008-12-10]

The folks at Websense should have an alert posted shortly. And here is the link for the Secunia advisory. McAfee has a posting regarding this matter.

Article Link

UPDATE: (Dec. 12) Also affects IE5 IE6 and IE8 Article Link

Posted by on December 10, 2008. Filed under Exploit. You can follow any responses to this entry through the RSS 2.0. You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>