Mele20
Premium
join:2001-06-05
Hilo, HI


1 edit
reply to NICK ADSL UK
Re: Microsoft Security Advisory (935423) Vulnerability in Window

Exploit code here:

»seclists.org/fulldisclosure/2007···563.html

Doesn't work if DEP is on for Explorer.

POC is here:

»seclists.org/fulldisclosure/2007···569.html

When I go to that POC on IE6 on XP Pro SP2, IE immediately crashes.

When I go on Fx 1.5.0.11, I get this WHEN USING THE PROXOMITRON WITH SIDKI'S FILTERS:

Microsoft Windows .ANI 0DAY Exploit
Copyright (c) 2007 devcode
• JS Alert: Boo

If I go to the POC on Fx, WITH PROXO DISABLED, Fx appears to be vulnerable! Or am I misinterpreting this? I do not use an extension to turn off scripting in Fx because I feel the Proxomitron will protect in that area as it has done in this instance.

EDIT: I tried the POC again on Fx with Proxo enabled and now I am getting the same thing I have shown in the screenshot. Originally, with Proxo running, I only got a plain text alert in the upper left corner of the screen about the javascript. Now I am seeing the popup with Boo in it. I'm not sure what this signifies in regards to Fx vulnerability. Maybe nothing because Fx doesn't crash at POC like IE does? Maybe I need to close and reopen Fx to get an accurate test? I have too many tabs open to do that!
--
"If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"

»www.msfirefox.com/