Recent Posts
- Scary monsters (and super creeps)
- Happy exploit wednesday!
- All you can spray
- Update: PDF sploits in the wild
- PDF sploits in the wild
- MPEG2TuneRequest 0-day
- Bad guys and sexy sploits: CVE-2009-1537
- Use the source, Luke!
- Vuln: Microsoft Excel Object Type Confusion Remote ..
-
Microsoft Excel Object Type Confusion Remote Code Execut..
- Vuln: Microsoft Excel MDXSET Record Remote Heap Buf..
-
Microsoft Excel MDXSET Record Remote Heap Buffer Overflo..
- Vuln: RETIRED: Microsoft March 2010 Advance Notific..
-
RETIRED: Microsoft March 2010 Advance Notification Multi..
Categories
Comments
- abhi:Hi, I go
- k`sOSe:sorry for that,
- ftk:can you reuploa
- Vincent:Yup, 403.
- DG:403 Forbidden f
- k`sOSe:yep, exactly. t
- Thierry :"assuming
- h4x0r:Yeahhh ! i,m w
- snip:All work and no
- testonly:hi, i tried thi
- k`sOSe:hello w0lf, tha
- w0lf:hello frist of
- k`sOSe:Hi send9, feel
- k`sOSe:heya snip, than
- send9:Nice. I don
- snip:Guido, questa m
- fXsTar:Infernet eXplod
- k`sOSe:yeah indeed, my
- nopper:w00ting club :)
- k`sOSe:well said patri
- k`sOSe:thx
- sweet :cool shit you g
- k`sOSe:Fossi in te ci
- devon:Appena fixano r
PornoSecurity: sexy vulns, porno sploits and the like
MS Internet Explorer XML Parsing Remote Exploit
Posted on 2008-12-10 17:31:19 in PornoSecurity
This was found by somebody while it is being exploited in the wild. ISC claims it is a 0day and it is not patched by the MS december bulletin but I can't reproduce the bug on a system patched this morning...
Internet Explorer 6 and 7 seems to be vulnerable and I managed to achieve code execution on Windows XP SP3. As usual you can find the exploit here.