Jump to content


Photo

Exploits posted for MS07-031 and MS07-033


  • Please log in to reply
1 reply to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,449 posts

Posted 14 June 2007 - 07:50 AM

FYI...

- http://preview.tinyurl.com/3bpuol
June 13, 2007 (Computerworld) - "Exploits appeared within hours for two of the bugs that Microsoft Corp. fixed yesterday... A. Micalizzi went public with a pair of exploits -- one successful against Windows 2000, the other against Windows XP -- that leverage one of the six IE bugs patched yesterday. A bug -- actually two because both the ActiveListen and ActiveVoice ActiveX controls are flawed -- was tagged "critical" in IE6 on Windows 2000 and Windows XP SP2, and "critical" in IE7 on both XP SP2 and Windows Vista. ActiveListen and ActiveVoice provide speech processing and text-to-speech to the browser. Microsoft's MS07-033 security update fixed the flaw... Today, another researcher posted proof-of-concept exploit code on Full Disclosure for the critical SChannel (Security Channel) vulnerability patched in MS07-031. Thomas Lim, CEO of Singapore-based COSEINC, said his exploit "may lead to an unrecoverable heap corruption condition, causing the application to terminate," or in some cases, repeatedly crash an application to cause a system reboot. His exploit wasn't able to inject remote code, however..."


:eek:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,449 posts

Posted 23 June 2007 - 05:24 PM

FYI...

MS07-033 exploit in use in the wild
- http://isc.sans.org/...ml?storyid=3036
Last Updated: 2007-06-23 15:29:36 UTC ~ "The Symantec folks identified a website exploiting a bug from this months Microsoft patches, specifically the Microsoft Internet Explorer Speech API 4 COM Object Instantiation Buffer Overflow Vulnerability. Here is the URL to their blog entry:

http://www.symantec....etects_obf.html

Apparently, the actual exploit is similar to the proof of concept code posted on a popular exploit site ten days ago."


:eek:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button