0-Day vuln Exploit in the wild

Rednose · Mar 31, 2007

You can find an Unofficial Patch with Source Code from eEye Digital Security HERE.

As with every Unofficial Patch : USE IT AT YOUR OWN RISK !

Greetz, Red.

Edit:

AplusWebMaster said:
BTW: I find no one else recommending that patch -except- eEye...

That is most of the time the case with Unofficial Patches. They have to be researched first. So when they are published ( and if they are good ) it takes a few days before they are "recommended".

But the patch is published on several security- and non-security related websites.

Greetz, Red.

Edit:
Btw. I forgot to tell you that my source is sans.org

Greetz, Red.

Rednose · Apr 2, 2007

Lol

And who recommands this patch except from ZERT :scratch:

Greetz, Red.

Rednose · Apr 2, 2007

Btw. ZERT don't even know at what version they are : v1 or v2 ...

Testing the eEye patch on the ZERT test page I got this message :

you do not appear to be vulnerable to the ie ani cursor exploit
for more information about the exploit and the patch visit: zert

note: this test may not be effective against all known and vulnerable versions of user32.dll.
if the test does not crash your browser, you may still be vulnerable.
please check the microsoft advisory for a list of known affected software.

Greetz, Red.

http://forums.spybot.info/showthread.php?p=77745

Rednose · Apr 2, 2007

My last post in this "copy and paste" forum part. There are better security forums.

Greetz, Red.

tashi · Apr 2, 2007

Rednose said:
There are better security forums.

Greetz, Red.

Sorry you feel that way, you can always post your alerts information in this forum.
All members are free to do so, but probably best to start one's own topic rather post in an on-going one..... to avoid confusion.

I will close this thread.

0-Day vuln Exploit in the wild

Rednose

New member

Rednose

New member

Rednose

New member

Rednose

New member

tashi

Member of Team Spybot