Recent Posts
- Export Address Table Filtering (EMET v2)
- Time of check, time of use
- MalwareDomains.com Serving Malware
- Scary monsters (and super creeps)
- Happy exploit wednesday!
- All you can spray
- Update: PDF sploits in the wild
- PDF sploits in the wild
- Vuln: OpenSSL 'ssl3_get_key_exchange()' Use-After-F..
-
OpenSSL 'ssl3_get_key_exchange()' Use-After-Free Memory ..
- Vuln: Linux Kernel Controller Area Network Protocol..
-
Linux Kernel Controller Area Network Protocol Local Priv..
- Vuln: Wireshark 0.8.20 through 1.2.8 Multiple Vulne..
-
Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities ..
Categories
Comments
- abhi:Hi, I go
- k`sOSe:sorry for that,
- ftk:can you reuploa
- Vincent:Yup, 403.
- DG:403 Forbidden f
- k`sOSe:yep, exactly. t
- Thierry :"assuming
- h4x0r:Yeahhh ! i,m w
- snip:All work and no
- testonly:hi, i tried thi
- k`sOSe:hello w0lf, tha
- w0lf:hello frist of
- k`sOSe:Hi send9, feel
- k`sOSe:heya snip, than
- send9:Nice. I don
- snip:Guido, questa m
- fXsTar:Infernet eXplod
- k`sOSe:yeah indeed, my
- nopper:w00ting club :)
- k`sOSe:well said patri
- k`sOSe:thx
- sweet :cool shit you g
- k`sOSe:Fossi in te ci
- devon:Appena fixano r
PornoSecurity: sexy vulns, porno sploits and the like
MS Internet Explorer XML Parsing Remote Exploit
Posted on 2008-12-10 17:31:19 in PornoSecurity
This was found by somebody while it is being exploited in the wild. ISC claims it is a 0day and it is not patched by the MS december bulletin but I can't reproduce the bug on a system patched this morning...
Internet Explorer 6 and 7 seems to be vulnerable and I managed to achieve code execution on Windows XP SP3. As usual you can find the exploit here.