Thursday, August 17, 2006

Putting the fun in browser fun

Matt Miller posted to the Metasploit Blog about a technique that allows arbitrary code execution in Internet Explorer using any fatal unhandled exception. Every Internet Explorer denial of service flaw is exploitable if MS06-051 has not been installed. More information can be found in the Uninformed Journal article.

Monday, August 14, 2006

Orphan Objects bug was silently fixed

MoBB #30 was silently fixed last Tuesday by Microsoft's cumulative security patch for Internet Explorer (MS06-042).

Read more at my blog: "MS06-042: One Silent Fix, One No Fix".

Tuesday, August 08, 2006

MS06-044 - Internet Explorer 5.x

Microsoft released MS06-044 to address a local zone privilege escalation vulnerability I reported in Internet Explorer 5 on Windows 2000. According to Microsoft, over five million people are still using the Windows Update service with Internet Explorer 5. The vulnerability stems from an XSS flaw in the RT_HTML resource of a DLL included with Windows 2000. The demonstration below uses this XSS flaw to execute calc.exe on vulnerable systems.

Demonstration

Tuesday, August 01, 2006

AxMan ActiveX Fuzzer

As promised, I have released my ActiveX fuzzing tool, aptly named AxMan. This tool was used to discover and debug almost every single ActiveX flaw published during the Month of Browser Bugs. In addition to the MoBB issues, this tool discovered over 100 unique flaws on a Windows XP SP2 system with common third-party packages installed. I am releasing this tool without my blacklist.js file of discovered vulnerabilities; this should give the vendors some breathing room while they figure out how to address these problems. An online demonstration of AxMan is available, but the interface is not designed to work across a slow network and a locally installed version will run much faster. Enjoy and happy bug hunting!