.

FYI: MS08-021 Exploits are formulating...

<<

rance

User avatar

Full Member
Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Thu Apr 10, 2008 5:09 pm

FYI: MS08-021 Exploits are formulating...

It doesn't appear succesful, yet, but give it time.

The DeepSight honeynet has observed in-the-wild exploit attempts targeting a GDI vulnerability patched by Microsoft on April 8, 2008. The malicious image appears to target the Microsoft Windows GDI Stack Overflow Vulnerability (BID 28570). At least three different sites are hosting the images; two different malicious binaries are associated with the attacks. Analysis of the images has shown that although they appear to be malicious, they do not contain enough data in the associated image property to sufficiently trigger the vulnerability.


Read more:  http://www.symantec.com/security_respon ... /index.jsp
Poking at security since 1986.  +++ATH
<<

rance

User avatar

Full Member
Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Thu Apr 10, 2008 5:18 pm

Re: FYI: MS08-021 Exploits are formulating...

Also, just checked the milw0rm and packerstorm exploit code databases, and it doesn't appear that this code has reached full disclosure... yet.

Update: The Full Disclosure list also has nothing at this point.
Last edited by rance on Thu Apr 10, 2008 5:24 pm, edited 1 time in total.
Poking at security since 1986.  +++ATH
<<

rance

User avatar

Full Member
Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Mon Apr 14, 2008 2:07 pm

Re: FYI: MS08-021 Exploits are formulating...

`sploit code has been posted to milw0rm.

Also, SANS ISC has a matrix showing more and more `sploiting going on for the latest round of patches... including 021, 022, 023, and 025.  Info here: http://isc.sans.org/diary.html?storyid=4264
Poking at security since 1986.  +++ATH

Return to Malware

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software