.

Exploit Released for Critical PC Hijack Flaw

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Jan 12, 2007 1:09 pm

Exploit Released for Critical PC Hijack Flaw

A fully working exploit for a high-risk vulnerability fixed by Microsoft two days ago has been put into limited release, prompting new "patch now" warnings from computer security experts.

The exploit, which allows PC takeover attacks on Windows XP SP2, has been published to Immunity's partners program, which offers up-to-the minute information on new vulnerabilities and exploits to IDS (intrusion detection companies) and larger penetrating testing firms.

Immunity, based in Miami Beach, Fla., sells access to the partners program for around $40,000, according to founder Dave Aitel.

The company's exploit takes aim at a "critical" bug in the way VML (Vector Markup Language) is implemented in Windows. It has been successfully tested on Windows XP SP2 and Windows 2000, with default installations of Internet Explorer 6.0.

"This is a fully working exploit, [it] will give you full access to do anything on the target machine," says Immunity researcher Kostya Kortchinsky.

The exploit was created and confirmed in less than three hours after Microsoft's Patch Tuesday release on Jan. 9, a fact that clearly illustrates just how much the gap has narrowed between patch release and full deployment on enterprise networks.


For full story:
http://www.eweek.com/article2/0,1895,20 ... 10807EP27A

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Cutaway

User avatar

Jr. Member
Jr. Member

Posts: 96

Joined: Mon Nov 20, 2006 5:02 pm

Post Fri Jan 12, 2007 11:55 pm

Re: Exploit Released for Critical PC Hijack Flaw

They had to be sitting on this one.  And it wouldn't surprise me.  Just watching their DailyDave thread shows you how in tune this community and the Immunity staff are to existing vulnerabilities and exploit issues.

Cutaway
Go forth and do good things,
Cutaway

Return to Malware

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software