[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

applicable exploit for winxp-sp2-uptodate Internet Explorer

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: applicable exploit for winxp-sp2-uptodate Internet Explorer
From: Liu Die Yu <liudieyu@xxxxxxxxxxxxx>
Date: 11 Jan 2005 16:33:15 -0000


patch will come in hours(at least i believe so).

many people(paul of greyhats and mike, sandblad of secunia and shreddersub7) 
already provided proof-of-concept remote-code-execution exploit for 
winxp-sp2-uptodate Internet Explorer.

the problem is: their code is simply not applicable in real attack. so i made 
this:
http://0daymon.org/monitor/injecthh-op-2/dir/injecthh_op_2-code_by_liudieyu
http://0daymon.org/monitor/injecthh-op-2/dir.zip

Follow-Ups:
- IE HHCTRL exploit still usable even after patch
  - From: Valentin Avram

Prev by Date: HylaFAX hfaxd unauthorized login vulnerability
Next by Date: EEYE: Windows ANI File Parsing Buffer Overflow
Previous by thread: HylaFAX hfaxd unauthorized login vulnerability
Next by thread: IE HHCTRL exploit still usable even after patch
Index(es):
- Date
- Thread