Common Tasks

Recent Posts

Community

Email Notifications

Personal Links

Archives

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

MS06-051: MoBB - Putting the fun in browser fun

MS06-051 is also important August update to have installed for improved browser protection.

MS06-051: MoBB - Putting the fun in browser fun
http://metasploit.blogspot.com/2006/08/putting-fun-in-browser-fun.html

QUOTE: The important take away is that the use of this technique means that all of the otherwise non-exploitable issues reported in H D's postings can potentially be exploited in a reliable fashion through the use of this technique. However, it will only work on machines that are not patched with the latest critical updates since this issue has now been addressed by the patch that was created for MS06-051. At any rate, it would be interesting to know what other applications might be vulnerable to this type of attack as well as other interesting ways to achieve it in Internet Explorer.

http://browserfun.blogspot.com/

QUOTE: Matt Miller posted to the Metasploit Blog about a technique that allows arbitrary code execution in Internet Explorer using any fatal unhandled exception. Every Internet Explorer denial of service flaw is exploitable if MS06-051 has not been installed. More information can be found in the Uninformed Journal article.

Exploiting the Otherwise Non-exploitable on Windows
http://uninformed.org/index.cgi?v=4&a=5

Posted: Aug 18 2006, 12:41 AM by Harry Waldron | with no comments