[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Microsoft patches the WMI Object Broker bug

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Microsoft patches the WMI Object Broker bug
From: H D Moore <fdlist@xxxxxxxxxxxxxxxxxx>
Date: Wed, 1 Nov 2006 13:21:00 -0600

http://www.microsoft.com/technet/security/advisory/927709.mspx

The Metasploit 2 module (ie_createobject)[1] has been exploiting this bug 
since it was released in August. Glad to see they finally noticed.

Thanks to Aviv for noticing / sending me the link.

-HD

1. http://metasploit.com/projects/Framework/exploits.html#ie_createobject

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Microsoft patches the WMI Object Broker bug
  - From: H D Moore
- Re: [Full-disclosure] Microsoft patches the WMI Object Broker bug
  - From: Dude VanWinkle

Prev by Date: [Full-disclosure] Outpost Insufficient validation of 'SandBox' driver input buffer
Next by Date: Re: [Full-disclosure] Microsoft patches the WMI Object Broker bug
Previous by thread: [Full-disclosure] Outpost Insufficient validation of 'SandBox' driver input buffer
Next by thread: Re: [Full-disclosure] Microsoft patches the WMI Object Broker bug
Index(es):
- Date
- Thread