MS06-051 is an important one to have installed for protection.
MS06-051: MoBB - Putting the fun in browser fun
http://metasploit.blogspot.com/2006/08/putting-fun-in-browser-fun.html
QUOTE: The important takeaway is that the use of this
technique means that all of the otherwise
non-exploitable issues reported in H D's postings can
potentially be exploited in a reliable fashion through
the use of this technique. However, it will only work
on machines that are not patched with the latest
critical updates since this issue has now been
addressed by the patch that was created for MS06-051.
At any rate, it would be interesting to know what
other applications might be vulnerable to this type of
attack as well as other interesting ways to achieve it
in Internet Explorer.
http://browserfun.blogspot.com/
QUOTE: Matt Miller posted to the Metasploit Blog about
a technique that allows arbitrary code execution in
Internet Explorer using any fatal unhandled exception.
Every Internet Explorer denial of service flaw is
exploitable if MS06-051 has not been installed. More
information can be found in the Uninformed Journal
article.
Exploiting the Otherwise Non-exploitable on Windows
http://uninformed.org/index.cgi?v=4&a=5