MS05-020: DHTML Proof of Concept Exploit Developed

Common Tasks

Community

Email Notifications

Personal Links

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

MS05-020: DHTML Proof of Concept Exploit Developed
http://isc.sans.org/diary.php?date=2005-04-12

MS05-020 - Cumulative Security Update for Internet Explorer. This aggregate patch addresses several vulnerabilities in Internet Explorer that could lead to remote code execution:

* DHTML Object Memory Corruption Vulnerability (CAN-2005-0553)
* URL Parsing Memory Corruption Vulnerability (CAN-2005-0554)
* Content Advisor Memory Corruption Vulnerability (CAN-2005-0555)

Special note: A proof-of-concept exploit for this vulnerability is already publicly available from FrSIRT. The availability of the exploit is likely to increase the severity of this patch for most organizations.

French Security Incident Response Team
http://www.frsirt.com/english/

Microsoft Internet Explorer DHTML Object handling Exploit (MS05-020) - Please be careful as actual POC code is present in this link
http://www.frsirt.com/exploits/20050412.InternetExploiter2.php

Posted: Apr 13 2005, 09:46 PM by Harry Waldron | with 2 comment(s)

Comments

TrackBack said:

# April 14, 2005 4:18 AM

TrackBack said:

# April 14, 2005 4:18 AM

Questions? Contact Susan at Susan-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.
Our servers would like to thank www.ownwebnow.com and www.exchangedefender.com. We wouldn't be here without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems

Theme based on the Paperclip Blog Theme included in Community Server.
Enhanced to a Site-Wide Theme by Interscape Technologies.

Common Tasks

Recent Posts

Community

Email Notifications

Personal Links

Archives

Security Protection - Harry Waldron (CS)