Exploit Released for Critical PC Hijack Flaw

Viewing 1 reply thread
  • Author
    Posts
    • #1004
      Don Donzal
      Keymaster

      A fully working exploit for a high-risk vulnerability fixed by Microsoft two days ago has been put into limited release, prompting new “patch now” warnings from computer security experts.

      The exploit, which allows PC takeover attacks on Windows XP SP2, has been published to Immunity’s partners program, which offers up-to-the minute information on new vulnerabilities and exploits to IDS (intrusion detection companies) and larger penetrating testing firms.

      Immunity, based in Miami Beach, Fla., sells access to the partners program for around $40,000, according to founder Dave Aitel.

      The company’s exploit takes aim at a “critical” bug in the way VML (Vector Markup Language) is implemented in Windows. It has been successfully tested on Windows XP SP2 and Windows 2000, with default installations of Internet Explorer 6.0.

      “This is a fully working exploit, [it] will give you full access to do anything on the target machine,” says Immunity researcher Kostya Kortchinsky.

      The exploit was created and confirmed in less than three hours after Microsoft’s Patch Tuesday release on Jan. 9, a fact that clearly illustrates just how much the gap has narrowed between patch release and full deployment on enterprise networks.

      For full story:
      http://www.eweek.com/article2/0,1895,2082416,00.asp?kc=EWEWEMNL010807EP27A

      Don

    • #11181
      Cutaway
      Participant

      They had to be sitting on this one.  And it wouldn’t surprise me.  Just watching their DailyDave thread shows you how in tune this community and the Immunity staff are to existing vulnerabilities and exploit issues.

      Cutaway

Viewing 1 reply thread
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?