PDA

View Full Version : 0-Day vuln Exploit in the wild



Rednose
2007-03-31, 16:48
You can find an Unofficial Patch with Source Code from eEye Digital Security HERE (http://research.eeye.com/html/alerts/zeroday/20070328.html).

As with every Unofficial Patch : USE IT AT YOUR OWN RISK !

Greetz, Red.

Edit:

BTW: I find no one else recommending that patch -except- eEye...

That is most of the time the case with Unofficial Patches. They have to be researched first. So when they are published ( and if they are good ) it takes a few days before they are "recommended".

But the patch is published on several security- and non-security related websites.

Greetz, Red.

Edit:
Btw. I forgot to tell you that my source is sans.org (http://isc.sans.org/diary.html?storyid=2534)

Greetz, Red.

Rednose
2007-04-02, 03:06
Lol :) And who recommands this patch except from ZERT :scratch:

Greetz, Red.

Rednose
2007-04-02, 03:57
Btw. ZERT don't even know at what version they are : v1 or v2 ...

Testing the eEye patch on the ZERT test page I got this message :


you do not appear to be vulnerable to the ie ani cursor exploit
for more information about the exploit and the patch visit: zert

note: this test may not be effective against all known and vulnerable versions of user32.dll.
if the test does not crash your browser, you may still be vulnerable.
please check the microsoft advisory for a list of known affected software.

Greetz, Red.

http://forums.spybot.info/showthread.php?p=77745

Rednose
2007-04-02, 20:10
My last post in this "copy and paste" forum part. There are better security forums.

Greetz, Red.

tashi
2007-04-02, 21:22
There are better security forums.

Greetz, Red. Sorry you feel that way, you can always post your alerts information in this forum.
All members are free to do so, but probably best to start one's own topic rather post in an on-going one..... to avoid confusion.

I will close this thread.