FYI...
- http://preview.tinyurl.com/3bpuol
June 13, 2007 (Computerworld) - "Exploits appeared within hours for two of the bugs that Microsoft Corp. fixed yesterday... A. Micalizzi went public with a pair of exploits -- one successful against Windows 2000, the other against Windows XP -- that leverage one of the six IE bugs patched yesterday. A bug -- actually two because both the ActiveListen and ActiveVoice ActiveX controls are flawed -- was tagged "critical" in IE6 on Windows 2000 and Windows XP SP2, and "critical" in IE7 on both XP SP2 and Windows Vista. ActiveListen and ActiveVoice provide speech processing and text-to-speech to the browser. Microsoft's MS07-033 security update fixed the flaw... Today, another researcher posted proof-of-concept exploit code on Full Disclosure for the critical SChannel (Security Channel) vulnerability patched in MS07-031. Thomas Lim, CEO of Singapore-based COSEINC, said his exploit "may lead to an unrecoverable heap corruption condition, causing the application to terminate," or in some cases, repeatedly crash an application to cause a system reboot. His exploit wasn't able to inject remote code, however..."
:eek:

Exploits posted for MS07-031 and MS07-033
Started by AplusWebMaster, Jun 14 2007 06:50 AM
1 reply to this topic
#2
Posted 23 June 2007 - 04:24 PM
FYI...
MS07-033 exploit in use in the wild
- http://isc.sans.org/...ml?storyid=3036
Last Updated: 2007-06-23 15:29:36 UTC ~ "The Symantec folks identified a website exploiting a bug from this month's Microsoft patches, specifically the Microsoft Internet Explorer Speech API 4 COM Object Instantiation Buffer Overflow Vulnerability. Here is the URL to their blog entry:
http://www.symantec....etects_obf.html
Apparently, the actual exploit is similar to the proof of concept code posted on a popular exploit site ten days ago."
:eek:
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.