Good afternoon,

Oracle has released a patch for a vulnerability in Java 6 that I reported to them. If you'd like to know more, you can read about it here:

http://skypher.com/index.php/2010/10/13/issue-2-oracle-java-object-launchjnlp-docbase/

(Note that this issue was found independently by Stephen Fewer of Harmony Security and reported to Oracle through ZDI.)

As I mentioned on Twitter <http://twitter.com/berendjanwever>, I finally managed to create a <512 byte exploit for MSIE, something I had been wanting to do ever since Internet Exploiter 0. Besides this very small exploit that targets this issue, I also created a much more elaborate exploit that uses ret-into-libc to bypass DEP. This second version of the exploit showcases some advances in heap spraying and ret-into-libc attack implementation and may be of interest to you if you care about such things.

I have attached both exploits to this email, but they can also be found in my issue tracker <http://code.google.com/p/skylined/issues/detail?id=23>.

Cheers,

SkyLined

Berend-Jan Wever <berendjanwever@xxxxxxxxx>
Delft, The Netherlands
http://skypher.com/SkyLined
Attachment:
iExploit12.zip
Description: Zip archive
Attachment:
iExploit12-DEP.zip
Description: Zip archive
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/